CVE-2025-44018

Sažetak

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230

CVSS

Base:	8.3
Impact:	6.0
Exploitability:	1.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

25-11-2025 - 22:16

Objavljeno

24-11-2025 - 16:15