CVE-2025-12176
Undocumented Administrative Accounts
In short
The system was secretly creating hidden administrative accounts to allow applications to access sensitive functions. This is critical because attackers could discover and use these accounts to take complete control of the device.
Technical detail
Undocumented administrative accounts are automatically provisioned without user knowledge or documentation, enabling unauthorized privilege escalation. An attacker who discovers these accounts can bypass authentication mechanisms and gain unrestricted administrative access to affected BLU-IC2 and BLU-IC4 devices running versions up to 1.19.5.
Summary generated and translated by AI from the official description.
Undocumented administrative accounts were getting created to facilitate access for applications running on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H