Unrated severityNVD Advisory· Published Dec 17, 2025· Updated Dec 17, 2025
CVE-2025-65855
CVE-2025-65855
Description
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = v18_178_221102_ASCII_PRO_1R5_50
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.