VYPR

CHOCO TEI WATCHER mini

by Inaba

CVEs (2)

  • CVE-2025-26689CriMar 31, 2025
    risk 0.64cvss 9.8epss 0.01

    Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.

  • CVE-2025-24517HigMar 31, 2025
    risk 0.49cvss 7.5epss 0.01

    Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.