7
CVE-2025-28128
- EPSS 0.36%
- Veröffentlicht 25.04.2025 00:00:00
- Zuletzt bearbeitet 12.05.2025 19:29:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mytel ≫ Telecom Online Account System Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.272 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 2.2 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
https://mytel.com.mm
https://gist.github.com/str4ng3r-0x7/3d9d310cb6cc5af39088ef44289ba588#file-cve-2025-28128