CVE-2025-27803

Medium CVSS: 6.5

The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2025-05-21 12:16:21

Güncelleme

2025-11-03 20:18:07

Source Identifier

551230f0-3615-47bd-b7cc-93e92e730bbf

KEV Date Added

Kategoriler

CWE-306 MEDIUM 2025

Referanslar

https://r.sec-consult.com/echarge http://seclists.org/fulldisclosure/2025/May/23