← voltar
CVE-2025-6097

UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change

CVSS 6.9 MEDIUMEPSS 0.6%CWE-620CWE-640
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
UTT · 进取 750W

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/pfwqdxwdd/cve/blob/main/6.mdhttps://github.com/pfwqdxwdd/cve/blob/main/6.md#pochttps://vuldb.com/?ctiid.312566https://vuldb.com/?id.312566https://vuldb.com/?submit.589425