CVE-2025-65212

Exploit

EPSS 0.08%
Veröffentlicht 06.01.2026 00:00:00
Zuletzt bearbeitet 29.01.2026 01:31:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Njhyst ≫ Hy511 Firmware Version < 2.1

Njhyst ≫ Hy511 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.234

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

https://github.com/a2148001284/test1/blob/main/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%90%8E%E5%8F%B0%E6%BC%8F%E6%B4%9EEN.md

Third Party Advisory

Exploit

https://gist.github.com/a2148001284/bcdda75fc8718454f16a7b9259463719

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-65212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65212

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-65212