CVE-2025-41702

Summary

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.

Affected Software

VendorProductVersion RangeStatus
WelotecEG400Mk2-D11001-0001010.0.0 < v1.7.7affected
WelotecEG400Mk2-D11001-000101v1.8.0 < v1.8.2affected
WelotecEG400Mk2-D11101-0001010.0.0 < v1.7.7affected
WelotecEG400Mk2-D11101-000101v1.8.0 < v1.8.2affected
WelotecEG503W0.0.0 < v1.7.7affected
WelotecEG503Wv1.8.0 < v1.8.2affected
WelotecEG503L0.0.0 < v1.7.7affected
WelotecEG503Lv1.8.0 < v1.8.2affected
WelotecEG503W_4GB0.0.0 < v1.7.7affected
WelotecEG503W_4GBv1.8.0 < v1.8.2affected
WelotecEG503L_4GB0.0.0 < v1.7.7affected
WelotecEG503L_4GBv1.8.0 < v1.8.2affected
WelotecEG503L-G0.0.0 < v1.7.7affected
WelotecEG503L-Gv1.8.0 < v1.8.2affected
WelotecEG500Mk2-A11101-0001010.0.0 < v1.7.7affected
WelotecEG500Mk2-A11101-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-A11001-0001010.0.0 < v1.7.7affected
WelotecEG500Mk2-A11001-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-B11101-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-B11101-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-B11001-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-B11001-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-C11101-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-C11101-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-C11001-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-C11001-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-A12011-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-A12011-000101v1.8.0 < v1.8.2affected
WelotecEG500Mk2-A11001-0002010.0.0 < <v1.7.7affected
WelotecEG500Mk2-A11001-000201v1.8.0 < v1.8.2affected
WelotecEG500Mk2-A21101-0001010.0.0 < <v1.7.7affected
WelotecEG500Mk2-A21101-000101v1.8.0 < v1.8.2affected
WelotecEG602W0.0.0 < <v1.7.7affected
WelotecEG602Wv1.8.0 < v1.8.2affected
WelotecEG602L0.0.0 < <v1.7.7affected
WelotecEG602Lv1.8.0 < v1.8.2affected
WelotecEG603W Mk20.0.0 < <v1.7.7affected
WelotecEG603W Mk2v1.8.0 < v1.8.2affected
WelotecEG603L Mk20.0.0 < <v1.7.7affected
WelotecEG603L Mk2v1.8.0 < v1.8.2affected
WelotecEG802W0.0.0 < <v1.7.7affected
WelotecEG802Wv1.8.0 < v1.8.2affected
WelotecEG804W0.0.0 < <v1.7.7affected
WelotecEG804Wv1.8.0 < v1.8.2affected
WelotecEG802W_i7_512GB_DinRail0.0.0 < <v1.7.7affected
WelotecEG802W_i7_512GB_DinRailv1.8.0 < v1.8.2affected
WelotecEG802W_i7_512GB_w/o DinRail0.0.0 < <v1.7.7affected
WelotecEG802W_i7_512GB_w/o DinRailv1.8.0 < v1.8.2affected
WelotecEG804W Pro0.0.0 < <v1.7.7affected
WelotecEG804W Prov1.8.0 < v1.8.2affected

Weaknesses

  • CWE-321: CWE-321 Use of Hard-coded Cryptographic Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References