CVE-2025-5095
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Burk Technology | ARC Solo | 0 < 1.0.62 | affected |
Weaknesses
- CWE-306: CWE-306
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-03
- https://www.burk.com/products/Broadcast/ARC-Solo-6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.