6.5

CVE-2025-28371

Exploit

EPSS 0.11%
Veröffentlicht 19.05.2025 14:15:23
Zuletzt bearbeitet 12.06.2025 16:26:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Engeniustech ≫ Enh500 Firmware Version3.7.22

Engeniustech ≫ Enh500 Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.294

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://drive.google.com/file/d/1kQFOyFQYycKynIBjbU8bMx2gYTG3Bxi2/view?usp=sharing

Exploit

https://pastebin.com/raw/EnL1XT2n

Third Party Advisory

https://pastebin.com/raw/hziq1nGH

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-28371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-28371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-28371

EUVD