CRITICAL🇵🇱 Wersja polska

CVE-2025-29270

CVSS 10.0v3.1pub. 2025-10-31upd. 2026-04-15

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.

🤖 AI Analysis
How it works

The realtime.cgi endpoint on DSE855 devices does not enforce proper access permission verification. An attacker can remotely access the device administration panel without any authentication and without user interaction. As a result, it is possible to seize full control of the device without knowledge of any login credentials.

Impact

An attacker gains unlimited access to the DSE855 device administration panel and full control over its operation, which may include reading confidential configuration data, modifying settings, and disrupting device operation.

Mitigation & patch

Manufacturer patches should be applied according to references. Until updates are applied, it is recommended to isolate DSE855 devices from public networks, restrict access to the realtime.cgi endpoint at the firewall level, and implement network segmentation.

Who is affected

Deep Sea Electronics DSE855 in versions from v1.1.0 to v1.1.26 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References