CRITICAL🇵🇱 Wersja polska

CVE-2025-12516

CVSS 10.0v4.0pub. 2025-10-30upd. 2025-11-10

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

🤖 AI Analysis
How it works

The vulnerability results from improper or completely absent error handling on the HTTP server side embedded in the firmware of BLU-IC2 and BLU-IC4 devices. In accordance with CWE-394, the lack of graceful error handling means that the application does not respond correctly to 5xx class error conditions, which can lead to unexpected device states or disclosure of sensitive information. The attack vector is network-based, requires no authentication or user interaction, making the vulnerability trivial to exploit remotely.

Impact

An attacker without any privileges, acting remotely over the network, can compromise the confidentiality, integrity, and availability of both the targeted device and systems associated with it, potentially gaining full control over the access infrastructure.

Mitigation & patch

Apply patches available from the manufacturer in accordance with references published at https://azure-access.com/security-advisories. Until firmware updates are applied, it is recommended to restrict network access to BLU-IC2 and BLU-IC4 devices exclusively to trusted hosts and implement network segmentation.

Who is affected

Azure-Access BLU-IC2 with firmware version up to and including 1.19.5, and Azure-Access BLU-IC4 with firmware version up to and including 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12515CRITICAL10.0PL ✓ten sam produkt

Systemiczne błędy wewnętrzne serwera (HTTP 500) w Azure-Access BLU-IC2 i BLU-IC4