HIGH🇬🇧 English

CVE-2025-11781

CVSS 8.6v4.0pub. 2025-12-02upd. 2025-12-03

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Circutor Sge Plc1000

    HW
    Circutor
    wszystkie wersje
  • Circutor Sge Plc1000 Firmware

    OS
    Circutor
    9.0.2
  • Circutor Sge Plc50

    HW
    Circutor
    wszystkie wersje
  • Circutor Sge Plc50 Firmware

    OS
    Circutor
    9.0.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-11779CRITICAL9.4PL ✓ten sam produkt

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan

CVE-2025-11778CRITICAL10.0PL ✓ten sam produkt

Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)

CVE-2021-33841CRITICAL10.0ten sam produkt

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote...

CVE-2025-11780HIGH8.7ten sam produkt

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()'...

CVE-2025-11782HIGH8.5ten sam produkt

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' funct...

CVE-2025-11781 — HIGH 8.6 | CVEbaza.pl