CVE-2025-27803

Published May 21, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description
The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access to the devices and can perform arbitrary administrative actions and reconfigure the devices or potentially gain access to sensitive data.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
4.2
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity
MEDIUM

Weaknesses

551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-306

Social media

Hype score
Not currently trending

  1. CVE-2025-27803 The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administra… https://t.co/lBDDKCEFzF

    @CVEnew

    21 May 2025

    325 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.