CVE-2025-41731
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jumo | variTRON300 | 0.0.0.0 < 9.0.2.5 | affected |
| Jumo | variTRON500 | 0.0.0.0 < 9.0.2.5 | affected |
| Jumo | variTRON500 touch | 0.0.0.0 < 9.0.2.5 | affected |
Weaknesses
- CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.