CRITICAL🇵🇱 Wersja polska

CVE-2025-12364

CVSS 10.0v4.0pub. 2025-10-27upd. 2025-11-10

Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

🤖 AI Analysis
How it works

The vulnerability consists of the lack or insufficient enforcement of strong passwords in the firmware of BLU-IC2 and BLU-IC4 devices (CWE-521: Weak Password Requirements). An attacker without any prior privileges can gain remote access to the device over the network and without user interaction by exploiting weak or default passwords. The attack vector does not require special conditions or advanced techniques, making the attack very simple to carry out.

Impact

An attacker can gain full control over the device, leading to violations of confidentiality, integrity, and availability of both the device itself and systems associated with it. Due to the maximum impact values also on secondary systems (SC:H, SI:H, SA:H), a compromise may have serious consequences for the entire network infrastructure.

Mitigation & patch

Patches available from the manufacturer must be applied in accordance with references published at https://azure-access.com/security-advisories. Until firmware updates are applied, it is recommended to isolate devices from public networks, enforce strong and unique password changes, and restrict device access exclusively to trusted network segments.

Who is affected

Azure-Access BLU-IC2 with firmware up to and including version 1.19.5 and Azure-Access BLU-IC4 with firmware up to and including version 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4