CRITICAL🇵🇱 Wersja polska

CVE-2025-63224

CVSS 10.0v3.1pub. 2025-11-19upd. 2026-01-15

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

🤖 AI Analysis
How it works

The vulnerability results from improper validation of JWT (JSON Web Token) tokens – the firmware does not verify whether the token was issued for a specific device. As a result, a valid JWT token obtained from one device can be used to authenticate to a completely different device running the same firmware, even if both devices have different passwords and are located in different networks. This is a combination of authentication error (CWE-287) and session persistence (CWE-384).

Impact

An attacker gains full administrative access to the device without knowledge of its password, leading to complete takeover of the device, including the ability to modify configuration, read data, and disrupt its operation.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until an update is applied, it is recommended to isolate devices at the network level and restrict access to the management interface exclusively to trusted hosts through a firewall or network segmentation.

Who is affected

Itel DAB Encoder (IDEnc) in firmware version build 25aec8d (products: Itel Idenc Firmware, Itel Idenc)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Itel Idenc

    HW
    Itel
    wszystkie wersje
  • Itel Idenc Firmware

    OS
    Itel
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-63216CRITICAL10.0PL ✓ten sam vendor

Itel DAB Gateway — Authentication Bypass przez błędną weryfikację JWT

CVE-2025-63217CRITICAL9.8PL ✓ten sam vendor

Authentication Bypass w Itel DAB MUX — wielourządzeniowe nadużycie tokenów JWT

CVE-2025-63219HIGH7.5ten sam vendor

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to i...