CRITICAL🇵🇱 Wersja polska

CVE-2025-12218

CVSS 10.0v4.0pub. 2025-10-25upd. 2025-11-10

Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

🤖 AI Analysis
How it works

The vulnerability consists of the fact that the firmware of BLU-IC2 and BLU-IC4 devices contains weak default credentials that are likely not enforced to be changed by the user during configuration. An attacker can remotely, without authentication and without user interaction, exploit these known or easily guessable login credentials to gain access to the device. A network attack vector (AV:N) combined with no required privileges (PR:N) and interaction (UI:N) makes the attack simple to execute at scale.

Impact

An attacker can gain full control over the device, resulting in compromise of confidentiality, integrity, and availability of both the system itself and associated network resources (SC:H/SI:H/SA:H). This can lead to unauthorized access to physical access control infrastructure, modification of its configuration, or use of devices as an entry point to the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://azure-access.com/security-advisories). Until firmware is updated, immediately change default credentials to strong, unique passwords, restrict network access to devices using firewalls or network segmentation, and disable remote access if not required.

Who is affected

Azure-Access BLU-IC2 with firmware version up to and including 1.19.5 and Azure-Access BLU-IC4 with firmware version up to and including 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4