CVE-2025-0675

🗓️ 06 Feb 2025 23:43:57Reported by icscertType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 63 Views🌐 WEB

Elber products have unauthenticated configuration and client-side hidden functionality issues.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-0675	4 Feb 202511:00	–	circl
CNNVD	Elber Communications Equipment 安全漏洞	7 Feb 202500:00	–	cnnvd
Cvelist	CVE-2025-0675 Elber Communications Equipment Hidden Functionality	6 Feb 202523:43	–	cvelist
EUVD	EUVD-2025-1811	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0675	7 Feb 202500:15	–	nvd
Positive Technologies	PT-2025-5894 · Elber · Elber	6 Feb 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-0675	9 Feb 202500:24	–	redhatcve
Vulnrichment	CVE-2025-0675 Elber Communications Equipment Hidden Functionality	6 Feb 202523:43	–	vulnrichment
Zero Science Lab	Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config	17 Apr 202400:00	–	zeroscience

Vulners

Node

elber signum_dvb-s/s2_irdRange≤1.999

elber cleber/3_broadcast_multi-purpose_platformMatch1.0

elber reble610_m/odu_xpic_ip-asi-sdhMatch0.01

elber ese_dvb-s/s2_satellite_receiverRange≤1.5.179

elber wayber_analog/digital_audio_stlMatch4

[
  {
    "defaultStatus": "unaffected",
    "product": "Signum DVB-S/S2 IRD",
    "vendor": "Elber",
    "versions": [
      {
        "lessThanOrEqual": "1.999",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cleber/3 Broadcast Multi-Purpose Platform",
    "vendor": "Elber",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Reble610 M/ODU XPIC IP-ASI-SDH",
    "vendor": "Elber",
    "versions": [
      {
        "status": "affected",
        "version": "0.01"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ESE DVB-S/S2 Satellite Receiver",
    "vendor": "Elber",
    "versions": [
      {
        "lessThanOrEqual": "1.5.179",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Wayber Analog/Digital Audio STL",
    "vendor": "Elber",
    "versions": [
      {
        "status": "affected",
        "version": "4"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-035-03

Parameter	Position	Path	Description	CWE
fan_speed	query param	json_data/fan	Unauthenticated device configuration via fan settings exposure	CWE-912
fan_target	query param	json_data/fan	Unauthenticated device configuration via fan settings exposure	CWE-912
warn_temp	query param	json_data/fan	Unauthenticated device configuration via fan settings exposure	CWE-912
alarm_temp	query param	json_data/fan	Unauthenticated device configuration via fan settings exposure	CWE-912
index	query param	json_data/conf_cmd	Delete config via unauthenticated command endpoint (index and cmd parameters)	CWE-912
cmd	query param	json_data/conf_cmd	Delete config via unauthenticated command endpoint (index and cmd parameters)	CWE-912
index	query param	json_data/conf_cmd	Upgrade launched via unauthenticated command endpoint (index and cmd parameters)	CWE-912
cmd	query param	json_data/conf_cmd	Upgrade launched via unauthenticated command endpoint (index and cmd parameters)	CWE-912
until	query param	json_data/erase_log.js	Log erase functionality accessible without authentication	CWE-912
freq	query param	json_data/NBFMV2RX.setConfig	RX config set via HTTP (NBFMV2RX.setConfig) exposing configuration options	CWE-912

17 Jun 2026 08:26Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5

CVSS 48.7

EPSS0.00477

SSVC

CWE-912