CVE-2025-48733: CWE-306 Missing Authentication for Critical Function in DuraComm Corporation SPM-500 DP-10iN-100-MU
Severity: highType: vulnerabilityCVE-2025-48733
DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device.
CVE-2025-48733: CWE-306 Missing Authentication for Critical Function in DuraComm Corporation SPM-500 DP-10iN-100-MU
High
Published: Tue Jul 22 2025 (07/22/2025, 21:35:52 UTC)
Source: CVE Database V5
Vendor/Project: DuraComm Corporation
Product: SPM-500 DP-10iN-100-MU
Description
DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- icscert
- Date Reserved
- 2025-07-15T20:19:54.848Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 688007daa915ff00f7fbc694
Added to database: 7/22/2025, 9:51:22 PM
Last updated: 7/22/2025, 9:51:22 PM
Views: 1
Related Threats
CVE-2025-54137: CWE-1392: Use of Default Credentials in haxtheweb issues
HighVulnerabilityTue Jul 22 2025
CVE-2025-53703: CWE-319 Cleartext Transmission of Sensitive Information in DuraComm Corporation SPM-500 DP-10iN-100-MU
HighVulnerabilityTue Jul 22 2025
CVE-2025-53538: CWE-770: Allocation of Resources Without Limits or Throttling in OISF suricata
HighVulnerabilityTue Jul 22 2025
CVE-2025-7766: CWE-611 Improper Restriction of XML External Entity Reference in Lantronix Provisioning Manager
HighVulnerabilityTue Jul 22 2025
CVE-2025-41425: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in DuraComm Corporation SPM-500 DP-10iN-100-MU
HighVulnerabilityTue Jul 22 2025
Actions
Please log in to the Console to use AI analysis features.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.