CVE-2025-1907

Summary

Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.

Affected Software

VendorProductVersion RangeStatus
InstantelMicromateAll versionsaffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Instantel is actively working on a firmware update to address this vulnerability. In the meantime, Micromate users are advised to implement the following workaround measures:

  • Establish and maintain a list of approved IP addresses that are allowed to access the modem. This measure will help prevent unauthorized access.

For more information, please contact Instantel technical support. https://www.instantel.com/service-and-support/contact-technical-support

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References