4.3
CVE-2025-1880
- EPSS 0.24%
- Veröffentlicht 03.03.2025 20:15:45
- Zuletzt bearbeitet 05.03.2025 14:05:15
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Logini-Drive i11/i12 Device Pairing authentication bypass
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
I-drive ≫ I11 Firmware Version <= 20250227
I-drive ≫ I12 Firmware Version <= 20250227
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.146 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 1 | 0 | 0 |
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 2 | 0.5 | 1.4 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 1.2 | 1.9 | 2.9 |
AV:L/AC:H/Au:N/C:P/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-305 Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
https://github.com/geo-chen/i-Drive
https://vuldb.com/?ctiid.298194
https://vuldb.com/?id.298194
https://vuldb.com/?submit.510951