Skip to main content

CVE-2025-5436: Information Disclosure in Multilaser Sirius RE016

Medium
VulnerabilityCVE-2025-5436cvecve-2025-5436
Published: Mon Jun 02 2025 (06/02/2025, 08:00:18 UTC)
Source: CVE Database V5
Vendor/Project: Multilaser
Product: Sirius RE016

Description

A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AILast updated: 07/09/2025, 12:25:24 UTC

Technical Analysis

CVE-2025-5436 is an information disclosure vulnerability identified in the Multilaser Sirius RE016 device, specifically affecting the MLT1.0 version of its firmware or software. The vulnerability arises from improper handling of requests to the /cgi-bin/cstecgi.cgi endpoint, which is likely a CGI script used for device management or diagnostics. Due to insufficient input validation or improper access controls, an attacker can remotely manipulate this CGI interface to extract sensitive information from the device. The vulnerability requires no authentication, user interaction, or privileges, and can be exploited over the network, making it accessible to remote attackers. The disclosed CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) indicates that the attack is network-based, with low attack complexity, no authentication or user interaction required, and results in low-impact confidentiality loss without affecting integrity or availability. Although the vendor was notified early, there has been no response or patch released to date, increasing the risk of exploitation. While no known exploits are currently reported in the wild, public disclosure of the exploit details raises the likelihood of future attacks targeting this vulnerability. The device affected, Multilaser Sirius RE016, is a networked product, possibly a router or IoT device, which if compromised, could leak configuration details, credentials, or other sensitive operational data to attackers, potentially facilitating further attacks or unauthorized access.

Potential Impact

For European organizations using the Multilaser Sirius RE016 device, this vulnerability poses a risk of unauthorized information disclosure that could compromise network security. Sensitive data such as device configuration, network topology, or credentials could be exposed, enabling attackers to map internal networks or escalate attacks. This is particularly concerning for small and medium enterprises or public sector entities relying on this device for network connectivity or management. The lack of vendor response and patch availability increases exposure time, raising the risk of exploitation. While the confidentiality impact is rated low, the ease of remote exploitation without authentication means attackers can silently gather intelligence, potentially leading to targeted attacks or lateral movement within networks. In critical infrastructure or regulated sectors, such information leakage could violate compliance requirements and increase operational risk. The medium severity rating reflects the balance between the limited direct impact and the potential for enabling more severe attacks.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement compensating controls to mitigate risk. These include isolating the Multilaser Sirius RE016 devices on segmented network zones with strict access controls, limiting exposure of the /cgi-bin/cstecgi.cgi endpoint to trusted management networks only. Network-level filtering using firewalls or intrusion prevention systems should block unauthorized access to the vulnerable CGI path. Monitoring network traffic for unusual requests targeting /cgi-bin/cstecgi.cgi can help detect exploitation attempts. Organizations should consider replacing or upgrading affected devices if possible, or disabling the vulnerable CGI functionality if the device configuration allows. Regularly auditing device firmware versions and vendor communications is essential to apply patches promptly once available. Additionally, enforcing strong network segmentation and multi-factor authentication on management interfaces can reduce the impact of any information disclosure.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-01T11:11:24.533Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 683d5d4a182aa0cae23aa79d

Added to database: 6/2/2025, 8:14:02 AM

Last enriched: 7/9/2025, 12:25:24 PM

Last updated: 7/31/2025, 3:25:18 PM

Views: 9

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats