exploitDog

CVE-2025-25613

Опубликовано: 20 нояб. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.

Ссылки

http://fs.com
Product
http://s3150-8t2f.com
Broken Link
https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:fs:s3150-8t2f_firmware:*:*:*:*:*:*:*:*

Версия до 2.2.0D (исключая)

cpe:2.3:h:fs:s3150-8t2f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-gcjj-c9q9-5q75

CVSS3: 6.5

github

3 месяца назад

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.

EPSS

Процентиль: 5%

0.00023

Низкий

7.5 High

CVSS3

Дефекты

CWE-312