CVE-2025-14750

Summary

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.

Affected Software

VendorProductVersion RangeStatus
WeintekcMT3072XH20200630 < 20241112affected
WeintekcMT3072XH(T)20200630 < 20241112affected
WeintekcMT-SVRX-82020220413 < 20240919affected
WeintekcMT-CTRL0120230308 < 20250827affected

Weaknesses

  • CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References