CVE-2025-41731 Jumo: Insufficient entropy in PRNG may lead to root access

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the...

CVE-2025-41731

CVE-2025-41731 involves Jumo variTRON300 devices where the password for the debug interface is generated from a weak PRNG. An unauthenticated local attacker who knows the password-generation timeframe could brute-force the password in a timely manner and gain root access if the debug interface re...

PT-2025-45604

Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...

Jumo variTRON300 安全特征问题漏洞

Jumo variTRON300 is an automation system from China-based Jumo Automation Jumo. The Jumo variTRON300 suffers from a security signature issue vulnerability that stems from a flaw in the password generation algorithm, which could allow an unauthenticated, local attacker to obtain the password via...