CVE-2025-3606

Summary

Vestel AC Charger version

3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.

Affected Software

VendorProductVersion RangeStatus
VestelAC Charger EVC043.75.0affected

Weaknesses

  • CWE-497: CWE-497

Workarounds

Avoid using open network:

  • Use secure methods like virtual private networks (VPNs) for remote access. Regularly update VPNs to their latest versions and ensure that connected devices maintain strong security measures.

  • Reduce network exposure for applications and endpoints. Only make them accessible via the Internet if specifically designed for and required by their intended use.

Login Credentials Management:

  • Force end user to revise the factory default set username and password of webconfig page.

  • Remove any printed documents such as installation guide, instruction book, quick start guide from web where login credentials are featured.

Please refer to Vestel's advisory https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References