CRITICAL🇵🇱 Wersja polska

CVE-2025-28238

CVSS 9.8v3.1pub. 2025-04-18upd. 2026-04-15

Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.

🤖 AI Analysis
How it works

Improper session management (CWE-384) in the Elber REBLE310 device allows an attacker to hijack an active session of an authenticated user. The attack is possible remotely, without authentication and without user interaction. By exploiting the hijacked session, the attacker gains access to the functions and data available to the logged-in user.

Impact

An attacker can completely hijack the session of an authenticated user, resulting in unauthorized access to sensitive data, the ability to modify device configuration, and potential disruption of its operation.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict network access to the device management interface and monitor active sessions.

Who is affected

Elber REBLE310 Firmware v5.5.1.R, device model: REBLE310/RX10/4ASI

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References