#VU103701 Authentication bypass using an alternate path or channel in Elber products - CVE-2025-0674
Published: February 7, 2025
Vulnerability identifier: #VU103701
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-0674
CWE-ID: CWE-288
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Signum DVB-S/S2 IRD
Cleber/3 Broadcast Multi-Purpose Platform
Reble610 M/ODU XPIC IP-ASI-SDH
ESE DVB-S/S2 Satellite Receiver
Wayber Analog/Digital Audio STL
Signum DVB-S/S2 IRD
Cleber/3 Broadcast Multi-Purpose Platform
Reble610 M/ODU XPIC IP-ASI-SDH
ESE DVB-S/S2 Satellite Receiver
Wayber Analog/Digital Audio STL
Software vendor:
Elber
Elber
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the authentication bypass using an alternate path or channel. A remote attacker can manipulate the endpoint to overwrite any user's password within the system and gain elevated privileges.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.