CRITICAL🇵🇱 Wersja polska

CVE-2025-22937

CVSS 9.8v3.1pub. 2025-03-31upd. 2025-08-18

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.

🤖 AI Analysis
How it works

The vulnerability results from improper privilege management (CWE-269) in the firmware software of the Adtran 411 ONT device. An attacker can exploit unspecified attack vectors to obtain higher privileges in the system. The detailed mechanism was not disclosed in the vulnerability description.

Impact

An attacker can obtain elevated privileges on the device, which may consequently lead to complete takeover of the ONT device, and compromise of confidentiality, integrity, and availability of the supported network infrastructure.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. It is also recommended to restrict access to device management interfaces to trusted networks only and to monitor unauthorized activity on ONT devices.

Who is affected

Adtran 411 ONT with firmware version vL80.00.0011.M2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adtran 411

    HW
    Adtran
    wszystkie wersje
  • Adtran 411 Firmware

    OS
    Adtran
    l80.00.0011.m2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-22938CRITICAL9.8PL ✓ten sam produkt

Słabe domyślne hasła w urządzeniu Adtran 411 ONT

CVE-2025-22939CRITICAL9.8PL ✓ten sam produkt

Command injection w usłudze telnet urządzeń Adtran 411 ONT — eskalacja do root

CVE-2025-22940CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Adtran 411 ONT — nieautoryzowana zmiana hasła administratora

CVE-2025-22941CRITICAL9.8PL ✓ten sam produkt

Command injection w interfejsie webowym Adtran 411 ONT — eskalacja do root

CVE-2022-37661CRITICAL9.8ten sam vendor

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping hos...