VYPR

echarge

by Sec Consult

CVEs (5)

  • CVE-2025-48416HigMay 21, 2025
    risk 0.53cvss 8.1epss 0.01

    An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This…

  • CVE-2025-48413HigMay 21, 2025
    risk 0.50cvss 7.7epss 0.00

    The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to…

  • CVE-2025-48417MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.00

    The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against…

  • CVE-2025-48414MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.00

    There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack…

  • CVE-2025-48415MedMay 21, 2025
    risk 0.40cvss 6.2epss 0.00

    A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor  or…