exploitDog

CVE-2025-63206

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.

Ссылки

http://dasansmc.com/
Broken Link
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass
Exploit
Third Party Advisory
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:dasannetworks:ds2924_firmware:1.01.18:*:*:*:*:*:*:*

cpe:2.3:o:dasannetworks:ds2924_firmware:1.02.00:*:*:*:*:*:*:*

cpe:2.3:h:dasannetworks:ds2924:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00166

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-qxjj-2j7h-cqh2

CVSS3: 9.8

github

3 месяца назад

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.

EPSS

Процентиль: 38%

0.00166

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-306