6.5

CVE-2025-57433

Exploit

EPSS 0.05%
Veröffentlicht 22.09.2025 00:00:00
Zuletzt bearbeitet 14.10.2025 19:56:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

2wcom ≫ Ip-4c Firmware Version2.15.5

2wcom ≫ Ip-4c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.2wcom.com/

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57433

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-57433

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57433

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57433

EUVD