4 matches found
CVE-2025-2773
CVE-2025-2773 refers to a command injection/remote code execution flaw in BEC Technologies' Multiple Routers. The vulnerability resides in the management interface (listening on TCP port 22 by default), where insufficient validation of a user-supplied string before a system call allows an attacke...
CVE-2025-2771
CVE-2025-2771 concerns BEC Technologies routers with an authentication bypass in the web-based UI, allowing remote attackers to access functionality without credentials. The vulnerability stems from lack of authentication prior to accessing UI functions. Connected sources (ZDI advisory ZDI-25-184...
CVE-2025-2772
BEC Technologies routers are affected by CVE-2025-2772, where the flaw in /cgi-bin/tools_usermanage.asp leads to client-side handling of a list of users and credentials. This enables network-adjacent attackers to disclose transported credentials without authentication. The vulnerability impacts a...
CVE-2025-2770
CVE-2025-2770 is linked to BEC Technologies Multiple Routers. The vulnerability arises from storing credentials in a recoverable (cleartext) format in the web-based user interface, allowing a remote attacker to disclose stored passwords after authentication. Exploitation details, affected models/...