CVE-2025-0224

Summary

A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Provision-ISRSH-4050A-220241220affected
Provision-ISRSH-4100A-2L(MM)20241220affected
Provision-ISRSH-8100A-2L(MM)20241220affected
Provision-ISRSH-16200A-2(1U)20241220affected
Provision-ISRSH-16200A-5(1U)20241220affected
Provision-ISRNVR5-8200PX20241220affected

Weaknesses

  • CWE-200: Information Disclosure
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References