Medium severity6.5NVD Advisory· Published Apr 23, 2025· Updated Jun 17, 2026
CVE-2025-2772
CVE-2025-2772
Description
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 1.04.1.512, 1.04.1.542
Patches
Vulnerability mechanics
References
1- www.zerodayinitiative.com/advisories/ZDI-25-185/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.