CVE-2025-5095
Burk Technology ARC Solo's password change mechanism can be utilized without proper
authentication procedures, allowing an attacker to take over the device.
A password change request can be sent directly to the device's HTTP
endpoint without providing valid credentials. The system does not
enforce proper authentication or session validation, allowing the
password change to proceed without verifying the request's legitimacy.
authentication procedures, allowing an attacker to take over the device.
A password change request can be sent directly to the device's HTTP
endpoint without providing valid credentials. The system does not
enforce proper authentication or session validation, allowing the
password change to proceed without verifying the request's legitimacy.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-08-08 18:15:28
Güncelleme
2025-08-08 20:30:18
Source Identifier
ics-cert@hq.dhs.gov
KEV Date Added
-