CVE-2025-57433: n/a
The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device.
AI Analysis
Technical Summary
CVE-2025-57433 is an information disclosure vulnerability in the web interface of the 2wcom IP-4c, firmware version 2.15.5. An authenticated user, including one holding only the low-privileged guest account, can send a crafted POST request to /cwi/ajax_request/get_data.php and receive the password hashes of the admin, manager, and guest accounts in the response. The endpoint checks that the caller is logged in but not whether the caller's role is entitled to the data it returns, which is why guest-level access is enough. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Hash disclosure matters because the hashes can be attacked offline, with no further interaction with the device and no rate limiting or lockout to slow the attacker down. How quickly that succeeds depends on the hashing algorithm, salting, and password strength, none of which the advisory states; a weak or unsalted scheme combined with a short password makes recovery trivial. Recovering the admin or manager password gives full administrative control of the device.

The CVSS v3.1 base score given here is 6.5 (medium), which corresponds to the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: network-reachable, low complexity, low privileges required, no user interaction, high confidentiality impact, and no direct integrity or availability impact. Note that the CVE record itself (see Technical Details below) lists no CVSS version, so this score is an analyst estimate rather than an assigner-provided value. The medium rating also understates the practical outcome, since a cracked admin hash leads to integrity and availability impact in a second step. No exploitation in the wild has been reported and no vendor patch has been linked at the time of writing.
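The following is an added illustration of the flaw class described above, not code from the IP-4c firmware or from 2wcom: a generic "get data" handler that checks only that the caller is logged in and then serializes whole account records, beside a hardened version that applies a per-role field allowlist. The account names and endpoint path come from the advisory; the record layout, role names, field names and the PBKDF2 hashing of throwaway passwords are constructed for the example.

```python
"""Vulnerable vs. hardened pattern for a generic data endpoint (CWE-200).

Hypothetical code written for this page. It is not the IP-4c implementation;
only the account names (admin, manager, guest) come from the advisory.
"""
import hashlib
import os


def _pbkdf2(password: str) -> str:
    # Constructed hashes for throwaway passwords; nothing from a real device.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"pbkdf2_sha256$200000${salt.hex()}${dk.hex()}"


# Constructed account store (assumption: one record per account, hash inline).
ACCOUNTS = {
    "admin":   {"role": "admin",   "password_hash": _pbkdf2("example-admin-pw")},
    "manager": {"role": "manager", "password_hash": _pbkdf2("example-manager-pw")},
    "guest":   {"role": "guest",   "password_hash": _pbkdf2("example-guest-pw")},
}


def get_data_vulnerable(session_user: str, table: str) -> dict:
    """Authentication is checked, authorization is not: any logged-in user
    who asks for the 'users' table gets every record, hashes included."""
    if session_user not in ACCOUNTS:
        raise PermissionError("not authenticated")
    if table == "users":
        return {name: dict(rec) for name, rec in ACCOUNTS.items()}
    raise KeyError(table)


# Fields each role may read from 'users'. No role is ever allowed the hash:
# the web tier has no legitimate reason to send it to a browser.
USERS_FIELD_ALLOWLIST = {
    "admin":   {"role"},
    "manager": {"role"},
    "guest":   set(),
}


def get_data_hardened(session_user: str, table: str) -> dict:
    """Role check plus response field allowlist, so a low-privileged or
    hijacked session cannot pull secrets out of a generic endpoint."""
    if session_user not in ACCOUNTS:
        raise PermissionError("not authenticated")
    if table != "users":
        raise KeyError(table)
    role = ACCOUNTS[session_user]["role"]
    allowed = USERS_FIELD_ALLOWLIST[role]
    if not allowed:
        raise PermissionError(f"role {role!r} may not read {table!r}")
    return {
        name: {k: v for k, v in rec.items() if k in allowed}
        for name, rec in ACCOUNTS.items()
    }


def leaks_hashes(response: dict) -> bool:
    """Regression check: does a serialized response carry password hashes?"""
    return any("password_hash" in rec for rec in response.values())


if __name__ == "__main__":
    print("guest via vulnerable handler leaks hashes:",
          leaks_hashes(get_data_vulnerable("guest", "users")))
    print("admin via hardened handler leaks hashes:",
          leaks_hashes(get_data_hardened("admin", "users")))
```

The point of the allowlist is that the fix is not "deny guest", which would still let a compromised manager session harvest the admin hash, but "never serialize the hash field at all"; the role check then governs which non-secret fields each account may see.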
Potential Impact
For European organizations operating the 2wcom IP-4c, the risk is that any holder of a low-privileged account, or anyone who has phished or guessed the guest credential, can obtain the admin and manager hashes and crack them offline. With administrative access an attacker can change the device configuration, disrupt or redirect the audio streams the codec carries, lock out legitimate operators, or use the device as a foothold in the network it sits in. 2wcom equipment is used in broadcast and radio contribution and distribution chains, so a compromised codec can mean on-air disruption rather than just a data breach. The exposure is worst where the management interface is reachable from untrusted networks or where the guest account is shared widely, for example with contractors or monitoring staff. The medium CVSS score reflects the need for prompt mitigation, and the absence of known exploitation gives organizations a window to remediate before that changes.
Mitigation Recommendations
1. Restrict or disable the guest account and any other low-privileged accounts on the IP-4c. If guest access is operationally required, assume every holder of that credential can read the admin hash and scope the account accordingly.
2. Segment the network and apply firewall rules so the management interface is reachable only from trusted administrative networks or over a VPN.
3. Log and monitor requests to /cwi/ajax_request/get_data.php, for example at a reverse proxy in front of the device, and alert on POST requests from source networks or sessions that are not administrative.
4. Enforce strong, unique passwords for the admin, manager, and guest accounts; the disclosed hashes are only as resistant to offline cracking as the passwords behind them. Enable multi-factor authentication if the device supports it.
5. Track the firmware version and apply the vendor fix as soon as one is published. After updating, rotate all three account passwords, since any hashes already retrieved remain crackable offline regardless of the patch.
6. If patching is not immediately possible, deploy WAF or IDS/IPS rules that alert on or block POST requests to the vulnerable endpoint from unexpected sources.
7. Educate administrators and users about the risk of credential exposure and the importance of keeping account privileges minimal.
8. Audit the existing password hashes offline with your own cracking tooling to find weak passwords, and replace them promptly.
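The detection logic for items 2, 3 and 6, as an added example that is not vendor code: it parses access logs from a reverse proxy placed in front of the IP-4c web interface and flags POST requests to /cwi/ajax_request/get_data.php, weighting successful requests from outside the administrative network highest. Assumptions: the proxy writes Apache/nginx "combined" log format, the administrative network is 10.10.0.0/24, and the user column is populated only if the proxy itself authenticates (a cookie-based device login leaves it as "-", in which case the source-network check is what you rely on). The log lines are constructed for this example.

```python
"""Flag suspicious POSTs to the IP-4c get_data.php endpoint in proxy logs.

Added example for this page; not 2wcom code. Network range and log lines
are assumptions constructed for illustration.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

TARGET_PATH = "/cwi/ajax_request/get_data.php"
ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # assumption

# Apache/nginx combined log format:
# ip ident user [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample: one normal admin session, a scripted guest session from
# an external address, and an unauthenticated probe that was rejected.
SAMPLE_LOG = """\
10.10.0.5 - admin [30/Sep/2025:09:12:01 +0200] "GET /cwi/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.10.0.5 - admin [30/Sep/2025:09:12:03 +0200] "POST /cwi/ajax_request/get_data.php HTTP/1.1" 200 812 "https://codec.example/cwi/index.php" "Mozilla/5.0"
192.0.2.44 - guest [30/Sep/2025:11:40:17 +0200] "POST /cwi/ajax_request/get_data.php HTTP/1.1" 200 1533 "-" "python-requests/2.32.3"
192.0.2.44 - guest [30/Sep/2025:11:40:18 +0200] "POST /cwi/ajax_request/get_data.php HTTP/1.1" 200 1533 "-" "python-requests/2.32.3"
198.51.100.9 - - [30/Sep/2025:11:41:02 +0200] "POST /cwi/ajax_request/get_data.php HTTP/1.1" 401 0 "-" "curl/8.5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_admin_source(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Return an alert label for one parsed entry, or None if not relevant.
    Only a 2xx POST means hashes actually left the device; failed attempts
    are still reported, at lower severity, because they show targeting."""
    if entry["method"] != "POST" or entry["path"].split("?")[0] != TARGET_PATH:
        return None
    ok = entry["status"].startswith("2")
    if ok and not is_admin_source(entry["ip"]):
        return "HIGH: get_data.php POST succeeded from non-admin network"
    if ok and entry["user"] not in ("admin", "manager"):
        return "HIGH: get_data.php POST succeeded for low-privileged user"
    if ok:
        return "INFO: get_data.php POST from admin network"
    return "LOW: failed get_data.php POST"


def scan(log_text: str) -> Tuple[List[Tuple[str, str, str]], Counter]:
    """Scan a log. Returns (alerts as (ip, user, label), per-IP hit counts);
    the counts make scripted harvesting stand out from a single page load."""
    alerts: List[Tuple[str, str, str]] = []
    hits: Counter = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            alerts.append((entry["ip"], entry["user"], label))
            hits[entry["ip"]] += 1
    return alerts, hits


if __name__ == "__main__":
    alerts, hits = scan(SAMPLE_LOG)
    for ip, user, label in alerts:
        print(f"{ip:15} {user:8} {label}")
    print("endpoint POSTs per source:", dict(hits))
```

Feed the real proxy log into scan() and route HIGH labels to your alerting; the INFO line for the admin network is there so the baseline rate of legitimate page loads is visible and a burst of repeated hits from one address can be spotted even when it comes from inside the management network.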
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68d17182eaa8a5844730ace7
Added to database: 9/22/2025, 3:55:46 PM
Last enriched: 9/30/2025, 12:53:55 AM
Last updated: 10/6/2025, 10:52:52 PM
Related Threats
- CVE-2025-43824: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal (Medium)
- CVE-2025-61768: CWE-20 Improper Input Validation in xuemian168 kuno (Medium)
- CVE-2025-59452: CWE-340 Generation of Predictable Numbers or Identifiers in YoSmart YoLink API (Medium)
- CVE-2025-59451: CWE-863 Incorrect Authorization in YoSmart YoLink application (Low)
- CVE-2025-59450: CWE-312 Cleartext Storage of Sensitive Information in YoSmart YoLink Smart Hub (Medium)