CVE-2025-44891: n/a

Critical
Published: Tue May 20 2025 (05/20/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_v3host_add_post function.

AI-Powered Analysis

Last updated: 07/06/2025, 05:26:45 UTC

Technical Analysis

CVE-2025-44891 is a critical stack overflow vulnerability identified in the firmware version FW-WGS-804HPT v1.305b241111. The flaw exists in the function web_snmp_v3host_add_post, specifically triggered via the host_ip parameter. A stack overflow occurs when the input data exceeds the buffer size allocated on the stack, leading to memory corruption. This vulnerability is classified under CWE-121, which pertains to stack-based buffer overflows. The CVSS v3.1 score is 9.8, indicating a critical severity level with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is remotely exploitable over the network without any privileges or user interaction, and can result in complete confidentiality, integrity, and availability compromise. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to full system takeover, data theft, or disruption of services. No patches or vendor information are currently available, and no known exploits have been reported in the wild yet. The absence of vendor and product details limits precise identification, but the firmware naming suggests it may be related to network hardware or IoT devices that implement SNMP v3 host management features.

Potential Impact

For European organizations, the impact of this vulnerability could be severe, especially for those relying on the affected firmware in critical network infrastructure or IoT deployments. Successful exploitation could lead to unauthorized remote code execution, enabling attackers to gain control over network devices, intercept or manipulate sensitive data, disrupt network operations, or use compromised devices as pivot points for further attacks within the corporate network. This could affect confidentiality by exposing sensitive information, integrity by allowing unauthorized changes, and availability by causing device or network outages. Industries such as telecommunications, manufacturing, utilities, and critical infrastructure operators in Europe could face significant operational and reputational damage. The lack of patches and public exploit code increases the urgency for proactive mitigation to prevent potential future attacks.

Mitigation Recommendations

Given the critical nature and lack of available patches, European organizations should immediately conduct asset discovery to identify any devices running FW-WGS-804HPT v1.305b241111 or similar firmware. Network segmentation should be enforced to isolate vulnerable devices from critical systems and limit exposure to untrusted networks. Disable or restrict SNMP v3 host management interfaces where possible, especially access to the web_snmp_v3host_add_post function or related management services. Employ strict input validation and anomaly detection on network traffic to detect and block malformed SNMP requests targeting the host_ip parameter. Monitor network logs and device behavior for signs of exploitation attempts or unusual activity. Engage with vendors or firmware providers to obtain patches or updates as soon as they become available. Additionally, implement network-level protections such as firewalls and intrusion prevention systems (IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability. Regularly update and audit device firmware and configurations to minimize attack surface.
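The root-cause fix for a CWE-121 flaw of this kind is a length and format check on the untrusted value before any copy into a fixed-size buffer. The following is an added example, not code from the affected firmware or its vendor; the struct, enum and function names are hypothetical, and it assumes the handler receives host_ip as a pointer plus length.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical names throughout; this is not the firmware's code. */
#define HOST_IP_MAX INET6_ADDRSTRLEN /* longest textual IP address, incl. NUL */
enum host_ip_status { HOST_IP_OK, HOST_IP_MISSING, HOST_IP_TOO_LONG, HOST_IP_INVALID };

struct snmp_v3_host {
    char host_ip[HOST_IP_MAX];
    int family; /* AF_INET or AF_INET6 */
};

/* Validate an untrusted host_ip form value before it reaches a fixed-size buffer. */
enum host_ip_status set_host_ip(struct snmp_v3_host *dst, const char *param, size_t len)
{
    char tmp[HOST_IP_MAX];
    unsigned char addr[sizeof(struct in6_addr)];
    if (dst == NULL || param == NULL || len == 0)
        return HOST_IP_MISSING;
    if (len >= sizeof(tmp))               /* bound check comes before any copy */
        return HOST_IP_TOO_LONG;
    if (memchr(param, '\0', len) != NULL) /* embedded NUL would hide trailing bytes */
        return HOST_IP_INVALID;
    memcpy(tmp, param, len);
    tmp[len] = '\0';

    if (inet_pton(AF_INET, tmp, addr) == 1)
        dst->family = AF_INET;
    else if (inet_pton(AF_INET6, tmp, addr) == 1)
        dst->family = AF_INET6;
    else
        return HOST_IP_INVALID;           /* not an address literal: reject, do not store */
    memcpy(dst->host_ip, tmp, len + 1);
    return HOST_IP_OK;
}

int main(void)
{
    /* Constructed inputs: a documentation-range address and an oversized value. */
    char oversized[512];
    struct snmp_v3_host h;
    memset(oversized, 'A', sizeof(oversized));
    printf("valid: %d\n", set_host_ip(&h, "192.0.2.10", 10));
    printf("oversized: %d\n", set_host_ip(&h, oversized, sizeof(oversized)));
    return 0;
}
```

Rejecting on length first means the oversized value is never copied anywhere, and the `inet_pton` check means only address literals are stored.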

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d6c76d4f2164cc92430cb

Added to database: 5/21/2025, 6:02:30 AM

Last enriched: 7/6/2025, 5:26:45 AM

Last updated: 8/15/2025, 11:36:56 PM
