CVE-2025-3606
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Vestel AC Charger version
3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Vestel | AC Charger EVC04 | 3.75.0 | affected |
Weaknesses
- CWE-497: CWE-497
Workarounds
Avoid using open network:
Use secure methods like virtual private networks (VPNs) for remote access. Regularly update VPNs to their latest versions and ensure that connected devices maintain strong security measures.
Reduce network exposure for applications and endpoints. Only make them accessible via the Internet if specifically designed for and required by their intended use.
Login Credentials Management:
Force end user to revise the factory default set username and password of webconfig page.
Remove any printed documents such as installation guide, instruction book, quick start guide from web where login credentials are featured.
Please refer to Vestel's advisory https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf for more information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03
- https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&token=8201f299-5014-4720-9200-f1b335736ac1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.