CRITICAL🇵🇱 Wersja polska

CVE-2025-63210

CVSS 9.8v3.1pub. 2025-11-19upd. 2026-01-15

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

🤖 AI Analysis
How it works

The vulnerability results from improper validation of responses on the client side during the login process (CWE-287, CWE-302, CWE-303). The attacker intercepts network traffic directed to the /celoxservice endpoint and modifies the server response returned during the loginWithUserName flow. By injecting a forged HTTP response body, the application considers the user authenticated without verifying actual credentials. The authentication mechanism thus relies on untrusted data controlled by the attacker.

Impact

The attacker gains full administrative access to the device (Superuser or Operator level), which enables control over configuration, disruption of signal transmission, and potentially compromises the confidentiality, integrity, and availability of the system.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references. Until updates are deployed, it is recommended to isolate devices from public networks, restrict access to the /celoxservice endpoint exclusively to trusted networks, and monitor network traffic for suspicious HTTP response modifications.

Who is affected

Newtec Celox UHD model CELOXA504 and CELOXA820 with firmware version celox-21.6.13

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Newtec Celoxa504

    HW
    Newtec
    wszystkie wersje
  • Newtec Celoxa504 Firmware

    OS
    Newtec
    celox-21.6.13
  • Newtec Celoxa820

    HW
    Newtec
    wszystkie wersje
  • Newtec Celoxa820 Firmware

    OS
    Newtec
    celox-21.6.13
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References