The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.
The vulnerability results from improper validation of responses on the client side during the login process (CWE-287, CWE-302, CWE-303). The attacker intercepts network traffic directed to the /celoxservice endpoint and modifies the server response returned during the loginWithUserName flow. By injecting a forged HTTP response body, the application considers the user authenticated without verifying actual credentials. The authentication mechanism thus relies on untrusted data controlled by the attacker.
The attacker gains full administrative access to the device (Superuser or Operator level), which enables control over configuration, disruption of signal transmission, and potentially compromises the confidentiality, integrity, and availability of the system.
Security patches available from the manufacturer should be applied according to the references. Until updates are deployed, it is recommended to isolate devices from public networks, restrict access to the /celoxservice endpoint exclusively to trusted networks, and monitor network traffic for suspicious HTTP response modifications.
Newtec Celox UHD model CELOXA504 and CELOXA820 with firmware version celox-21.6.13
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNewtec Celoxa504
HWNewtecwszystkie wersjeNewtec Celoxa504 Firmware
OSNewteccelox-21.6.13Newtec Celoxa820
HWNewtecwszystkie wersjeNewtec Celoxa820 Firmware
OSNewteccelox-21.6.13