CRITICAL🇵🇱 Wersja polska

CVE-2025-67112

CVSS 9.8v3.1pub. 2026-03-19upd. 2026-03-24

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.

🤖 AI Analysis
How it works

The SCE4255W device firmware uses a static, hard-coded AES-256-CBC key to protect backup files and restore configurations exported through the GUI interface. An attacker with access to an account (even with low privileges) can download the configuration file via the export function, decrypt it using the embedded key, arbitrarily modify its contents — including authentication data and user roles — then re-encrypt it with the same key and import it through the restore function. This allows privilege escalation without knowledge of the original administrator passwords.

Impact

An attacker can gain full control of the device by manipulating authentication data and escalating privileges to administrator level, resulting in complete loss of system confidentiality, integrity, and availability.

Mitigation & patch

Update the device firmware to version DG3934v3@2308041842 or newer. Until the update is applied, it is recommended to restrict access to the GUI interface only to trusted users and monitor configuration import/export operations.

Who is affected

Sercomm SCE4255W Small Cell (FreedomFi Englewood) — firmware versions prior to DG3934v3@2308041842

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References