CRITICAL🇵🇱 Wersja polska

CVE-2025-12104

CVSS 10.0v4.0pub. 2025-10-23upd. 2025-11-07

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

🤖 AI Analysis
How it works

The vulnerability results from the use of outdated UI library components (CWE-1104 — Use of Unmaintained Third-Party Components) in the BLU-IC2 and BLU-IC4 device software. Such components may contain known security vulnerabilities that have not been patched by the manufacturer and can be exploited remotely without requiring authentication. The attack vector indicates that the exploit can be conducted over the network without user interaction and without required privileges.

Impact

Successful exploitation of the vulnerability may allow an attacker to gain full control of the device, and potentially compromise the confidentiality, integrity, and availability of both the device itself and associated systems.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references published on https://azure-access.com/security-advisories. It is recommended to update device software to version 1.19.5 or above immediately.

Who is affected

Azure-Access BLU-IC2 in versions up to and including 1.19.5, and Azure-Access BLU-IC4 in versions up to and including 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4