Main Vulnerability Database Vulnerabilities #VU106008

#VU106008 Direct Request ('Forced Browsing') in CHOCO TEI WATCHER mini (IB-MCT001) - CVE-2025-26689

Published: March 25, 2025

Vulnerability identifier: #VU106008

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-26689

CWE-ID: CWE-425

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
CHOCO TEI WATCHER mini (IB-MCT001)

Software vendor:
INABA DENKI SANGYO

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to forced browsing issue. A remote attacker can send a specially crafted HTTP request to obtain or delete the product's data and alter the settings.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://jvn.jp/en/vu/JVNVU91154745/index.html
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf

#VU106008 Direct Request ('Forced Browsing') in CHOCO TEI WATCHER mini (IB-MCT001) - CVE-2025-26689

Description

Remediation

External links

Please verify you're human