CVE-2025-41653
- EPSS 0.57%
- Published 27.05.2025 08:38:29
- Last modified 28.05.2025 15:01:30
An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unrespons...
CVE-2025-41652
- EPSS 0.08%
- Published 27.05.2025 08:38:12
- Last modified 22.08.2025 11:15:31
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision ...
CVE-2025-41651
- EPSS 0.27%
- Published 27.05.2025 08:38:03
- Last modified 28.05.2025 15:01:30
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise.
CVE-2025-41650
- EPSS 0.11%
- Published 27.05.2025 08:37:44
- Last modified 28.05.2025 15:01:30
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
CVE-2025-41649
- EPSS 0.11%
- Published 27.05.2025 08:37:26
- Last modified 28.05.2025 15:01:30
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.