CVE-2025-6529

Sažetak

A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code
https://vuldb.com/?ctiid.313646
https://vuldb.com/?id.313646
https://vuldb.com/?submit.595450

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

23-06-2025 - 23:15

Objavljeno

23-06-2025 - 23:15