CRITICAL🇵🇱 Wersja polska

CVE-2025-63217

CVSS 9.8v3.1pub. 2025-11-18upd. 2026-01-15

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

🤖 AI Analysis
How it works

The JWT-based authentication mechanism does not properly verify whether the token originates from a specific device or session. A valid JWT token obtained from one device instance can be sent without obstruction to another device running the same firmware. Because the verification does not consider parameters specific to the device (such as password or network affiliation), the request is accepted as properly authenticated, granting the attacker administrative privileges.

Impact

Attackers gain full administrative access to affected devices, leading to their complete compromise — including the ability to change configuration, disrupt services, and violate data confidentiality and integrity.

Mitigation & patch

Apply patches available from the manufacturer according to references. It is also recommended to isolate devices in dedicated network segments, restrict access to the administrative interface only to trusted hosts, and monitor unauthorized authentication attempts.

Who is affected

Itel DAB MUX (IDMUX) with firmware in build c041640a; products: Itel Id Mux Firmware, Itel Id Mux

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Itel Id Mux

    HW
    Itel
    wszystkie wersje
  • Itel Id Mux Firmware

    OS
    Itel
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-63224CRITICAL10.0PL ✓ten sam vendor

Itel DAB Encoder – Authentication Bypass przez nieprawidłową walidację JWT

CVE-2025-63216CRITICAL10.0PL ✓ten sam vendor

Itel DAB Gateway — Authentication Bypass przez błędną weryfikację JWT

CVE-2025-63219HIGH7.5ten sam vendor

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to i...