CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

CVE-2025-41731

CVE-2025-41731 involves Jumo variTRON300 devices where the password for the debug interface is generated from a weak PRNG. An unauthenticated local attacker who knows the password-generation timeframe could brute-force the password in a timely manner and gain root access if the debug interface re...

Jumo variTRON300 安全特征问题漏洞

Jumo variTRON300 is an automation system from China-based Jumo Automation Jumo. The Jumo variTRON300 suffers from a security signature issue vulnerability that stems from a flaw in the password generation algorithm, which could allow an unauthenticated, local attacker to obtain the password via...

PT-2025-45604

Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...