CVE-2025-11155

Summary

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.

Affected Software

VendorProductVersion RangeStatus
SATOS86-ex 203dpi61.00.00.09affected

Weaknesses

  • CWE-261: CWE-261: Weak Encoding for Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References