CVE-2025-0674
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elber | Signum DVB-S/S2 IRD | 0 <= 1.999 | affected |
| Elber | Cleber/3 Broadcast Multi-Purpose Platform | 1.0 | affected |
| Elber | Reble610 M/ODU XPIC IP-ASI-SDH | 0.01 | affected |
| Elber | ESE DVB-S/S2 Satellite Receiver | 0 <= 1.5.179 | affected |
| Elber | Wayber Analog/Digital Audio STL | 4 | affected |
Weaknesses
- CWE-288: CWE-288
Workarounds
Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life. Users of affected versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL are invited to contact Elber customer support https://elber.it/en/elber-contacts.php for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.