6 matches found
CVE-2025-63223
The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
CVE-2025-63223
The CVE-2025-63223 entry affects Axel Technology StreamerMAX MK II firmware versions 0.8.5–1.0.3. The root cause is Broken Access Control caused by missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, allowing unauthenticated remote attackers to list user accounts, create new administrat...
PT-2025-47459
Name of the Vulnerable Software and Affected Versions Axel Technology WOLF1MS and WOLF2MS versions 0.8.5 through 1.0.3 Description The devices are subject to Broken Access Control because of a lack of authentication on the /cgi-bin/gstFcgi.fcgi API endpoint. This allows unauthenticated remote...
CVE-2025-63221
CVE-2025-63221 (Axel Technology puma devices) affects firmware versions 0.8.5–1.0.3. The vulnerability is due to broken access control from missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. An unauthenticated remote attacker can enumerate user accounts, create new administrative users...