6.5

CVE-2025-2770

EPSS 0.11%
Veröffentlicht 23.04.2025 16:51:56
Zuletzt bearbeitet 15.08.2025 19:18:09
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bectechnologies ≫ Router Firmware Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.zerodayinitiative.com/advisories/ZDI-25-186/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2770

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2770

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2770

EUVD