
CVE-2025-55075: Hidden functionality in I-O DATA DEVICE, INC. WN-7D36QR

Medium
Published: Wed Sep 17 2025 (09/17/2025, 03:08:37 UTC)
Source: CVE Database V5
Vendor/Project: I-O DATA DEVICE, INC.
Product: WN-7D36QR

Description

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.

AI-Powered Analysis

Last updated: 09/17/2025, 03:47:58 UTC

Technical Analysis

CVE-2025-55075 is a vulnerability identified in the I-O DATA DEVICE, INC. wireless router models WN-7D36QR and WN-7D36QR/UE, specifically affecting firmware versions 1.1.3 and earlier. The core issue stems from hidden functionality within the device firmware that allows an authenticated remote attacker to enable SSH access on the device. This hidden SSH functionality is not intended to be accessible under normal operation, and its activation could provide an attacker with a powerful remote management interface. The vulnerability requires the attacker to have prior authentication (high privileges) on the device, which means the attacker must already have some level of access, such as valid credentials or access through another compromised vector. Once SSH is enabled, the attacker could potentially execute commands remotely, leading to integrity violations by modifying device configurations or firmware, and possibly pivoting to other networked systems. The CVSS v3.1 score of 4.9 (medium severity) reflects that the attack vector is network-based with low attack complexity but requires high privileges and no user interaction. Confidentiality is not directly impacted, but integrity is compromised, and availability remains unaffected. There are no known exploits in the wild at this time, and no patches have been linked yet, indicating that mitigation may rely on vendor updates or configuration changes. The vulnerability is particularly concerning because enabling SSH could bypass other security controls and facilitate persistent unauthorized access or lateral movement within a network environment.

Potential Impact

For European organizations, the impact of this vulnerability could be significant, especially for those relying on the affected I-O DATA DEVICE routers in their network infrastructure. Enabling SSH access remotely by an attacker with existing credentials could allow unauthorized configuration changes, potentially weakening network security or enabling further exploitation. This could lead to integrity breaches, such as unauthorized firmware modifications or network traffic interception. Organizations in sectors with strict regulatory requirements around network security and data integrity, such as finance, healthcare, and critical infrastructure, may face compliance risks if such devices are compromised. Additionally, the ability to remotely enable SSH could facilitate lateral movement within corporate networks, increasing the risk of broader compromise. Although the vulnerability does not directly affect confidentiality or availability, the integrity impact and potential for escalation make it a concern for maintaining secure network operations. The requirement for prior authentication reduces the likelihood of opportunistic attacks but does not eliminate risk from insider threats or attackers who have already gained initial access through other means.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should first identify any deployments of the affected WN-7D36QR and WN-7D36QR/UE devices running firmware version 1.1.3 or earlier. Immediate steps include restricting administrative access to these devices to trusted personnel and networks only, employing strong authentication mechanisms such as multi-factor authentication to reduce the risk of credential compromise. Network segmentation should be enforced to isolate these devices from sensitive network segments. Monitoring network traffic for unusual SSH activity or unexpected port openings can help detect exploitation attempts. Since no patches are currently linked, organizations should engage with I-O DATA DEVICE, INC. to obtain firmware updates or advisories. If possible, disabling any undocumented or hidden services, including SSH, through device configuration is recommended. Regularly auditing device configurations and access logs will help identify unauthorized changes. Finally, organizations should incorporate this vulnerability into their incident response plans, preparing to respond swiftly if exploitation is detected.
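One way to act on the monitoring advice above is to audit your own router inventory for an SSH listener that should not exist. This is an added example, not vendor or CVE-record code: the page does not say which port the hidden SSH service uses, so TCP 22 is an assumed default and the port list is configurable; the inventory addresses are constructed placeholders from the documentation range.

```python
import socket

def probe_ssh(host, port=22, timeout=2.0):
    """Return the SSH identification string if host:port speaks SSH, else None.

    An SSH server sends a line starting with "SSH-" right after the TCP
    handshake (RFC 4253), so no credentials or further traffic are needed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(255)
    except OSError:          # refused, unreachable, or timed out
        return None
    line = banner.split(b"\n", 1)[0].strip()
    if not line.startswith(b"SSH-"):
        return None
    return line.decode("ascii", "replace")

def audit(inventory, ports=(22,), timeout=2.0):
    """Check every managed device; return (host, port, ident) for each SSH listener."""
    findings = []
    for host in inventory:
        for port in ports:
            ident = probe_ssh(host, port, timeout)
            if ident is not None:
                findings.append((host, port, ident))
    return findings

if __name__ == "__main__":
    # Constructed inventory: replace with the management IPs of your own
    # WN-7D36QR / WN-7D36QR/UE devices.
    routers = ["192.0.2.1", "192.0.2.2"]
    for host, port, ident in audit(routers, timeout=1.0):
        print(f"UNEXPECTED SSH on {host}:{port} -> {ident}")
```

Run it on a schedule from the management network and alert on any finding, since these devices are not expected to expose SSH in normal operation.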


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-09-10T08:04:14.006Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ca2bd1571b2840ff02c43a

Added to database: 9/17/2025, 3:32:33 AM

Last enriched: 9/17/2025, 3:47:58 AM

Last updated: 9/17/2025, 4:55:28 AM
