CVE-2025-63224

Critical CVSS: 10.0

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

Vendor

Itel

Product

Idenc Firmware

CWE

CWE-287

Yayın Tarihi

2025-11-19 16:15:48

Güncelleme

2026-01-15 19:46:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 Idenc Firmware CRITICAL Itel 2025

Referanslar

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63224_Itel%20DAB%20Encoder%20Authentication%20Bypass https://www.itel.it/

Benzer Kayıtlar

High

CVE-2025-63219

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper se…

Critical

CVE-2025-63216

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across…

Critical

CVE-2025-63217

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across dev…