← volver
CVE-2025-12870

aEnrich|eHRD - Authentication Abuse

CVSS 9.3 CRITICALEPSS 0.6%CWE-1390
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
aEnrich · a+HRD

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2https://www.twcert.org.tw/en/cp-139-10487-12a32-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html