2 matches found
CVE-2025-57433
The CVE-2025-57433 entry concerns the 2wcom IP-4c device (version 2.15.5). A vulnerability in the web interface allows information disclosure via a crafted POST to /cwi/ajax_request/get_data.php. An authenticated user, even with low privileges (e.g., guest), can retrieve hashed passwords for admi...
CVE-2025-57438
The CVE-2025-57438 entry concerns the 2wcom IP-4c device running firmware version 2.15.5 and describes a Broken Access Control flaw. The vulnerability allows a manager-level user to bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests, potentially expo...