6 matches found
CVE-2025-41733
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...
EUVD-2025-197985
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...
CVE-2025-41733
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...
CVE-2025-41733
The CVE-2025-41733 issue affects METZ CONNECT EWIO2-M, EWIO2-M-BM, and EWIO2-BM devices. The commissioning wizard does not validate whether the device is already initialized, enabling an unauthenticated remote attacker to construct HTTP POST requests to set root credentials, potentially gaining f...
CVE-2025-41733 Possible malfunction credential injection
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...
PT-2025-47290
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description The commissioning wizard does not validate if the device is already initialized. This allows an unauthenticated remote attacker to construct HTTP POST requests to set or modify root credentials without...