CRITICAL🇵🇱 Wersja polska

CVE-2025-41652

CVSS 9.8v3.1pub. 2025-05-27upd. 2026-04-15

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

🤖 AI Analysis
How it works

The device authorization mechanism is based on the MD5 algorithm (CWE-328 — use of weak cryptographic algorithm), which is vulnerable to collision attacks. An attacker can exploit two approaches: conduct a brute-force attack to guess correct authentication credentials or apply MD5 collision techniques to forge authentication hashes. Both methods do not require any prior authorization or user interaction, and the attack is possible remotely over the network.

Impact

An attacker can gain unauthorized access to the device, potentially leading to violations of confidentiality, integrity, and availability of the system — including full takeover of the device.

Mitigation & patch

Apply patches available from the manufacturer according to references (advisory VDE-2025-044: https://certvde.com/en/advisories/VDE-2025-044/). Additionally, it is recommended to restrict access to devices at the network level (firewall, segmentation) until the patch is deployed.

Who is affected

Devices specified in manufacturer references (detailed models available in advisory VDE-2025-044 on certvde.com)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References