CVE-2025-65212: n/a
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-65212 affects NJHYST HY511 POE core devices and associated plugins prior to versions 2.1 and 0.1 respectively. The root cause is insufficient cookie verification in the device's web management interface. This flaw allows an attacker to bypass the login authentication by directly requesting the URL of the core configuration file. Since the device does not properly validate the requester's session or cookies, the attacker can download the configuration file without any credentials. The configuration file contains sensitive information including usernames and passwords, where the passwords are stored as self-decrypted MD5 hashes. By extracting these credentials, the attacker can log in to the backend management interface, effectively bypassing the front-end login page. This leads to unauthorized administrative access, enabling potential configuration changes, device control, or further lateral movement within the network. The vulnerability does not require prior authentication or user interaction, increasing its risk. Although no public exploits have been reported yet, the flaw's nature suggests it could be exploited remotely by anyone with network access to the device management interface. The lack of a CVSS score indicates the need for a severity assessment based on impact and exploitability factors. The vulnerability impacts confidentiality (exposure of credentials), integrity (unauthorized configuration changes), and potentially availability if the attacker disrupts device operation. The affected devices are typically used in network infrastructure environments, making this a critical concern for organizations relying on NJHYST hardware. No official patches or mitigations are currently listed, emphasizing the need for immediate defensive measures.
Potential Impact
For European organizations, this vulnerability poses a significant threat to network security and operational integrity. Unauthorized access to device management interfaces can lead to full compromise of the affected NJHYST devices, which may be integral to network infrastructure such as power over Ethernet (PoE) deployments. Attackers gaining control could alter configurations, disable security features, or use the devices as pivot points for further attacks within enterprise or industrial networks. Confidentiality is severely impacted due to exposure of usernames and passwords, potentially allowing attackers to escalate privileges or move laterally. Integrity is compromised as attackers can modify device settings undetected. Availability could also be affected if attackers disrupt device functions. Critical infrastructure sectors, including energy, manufacturing, and telecommunications, which often deploy such devices, are at heightened risk. The lack of authentication requirement and ease of exploitation increase the likelihood of successful attacks, especially in environments where device management interfaces are exposed or insufficiently segmented. This vulnerability could also lead to regulatory compliance issues under GDPR if personal or sensitive data is indirectly exposed or compromised through these devices.
Mitigation Recommendations
1. Immediately restrict network access to NJHYST HY511 POE device management interfaces by implementing strict firewall rules and network segmentation to limit exposure only to trusted administrative hosts.
2. Monitor network traffic for unusual requests targeting configuration file URLs or unauthorized access attempts to the device backend.
3. Disable remote management interfaces if not strictly necessary or enforce VPN access with strong multi-factor authentication for remote administration.
4. Regularly audit device configurations and logs to detect unauthorized changes or access patterns.
5. Engage with NJHYST or authorized vendors to obtain patches or firmware updates addressing this vulnerability as soon as they become available.
6. If patching is delayed, consider deploying compensating controls such as web application firewalls (WAFs) or reverse proxies that can enforce stricter session validation and block direct configuration file requests.
7. Educate network administrators about this vulnerability and the importance of safeguarding device management credentials and interfaces.
8. Implement strong password policies and consider changing all device credentials after remediation to prevent reuse of leaked passwords.
9. Conduct penetration testing and vulnerability assessments focused on device management interfaces to identify similar weaknesses.
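The monitoring recommendation above can be expressed as a log check. This added example (not from the advisory or the vendor) scans reverse-proxy access logs for the pattern the description implies: the configuration file served without a session cookie, then a login accepted from the same source. The paths, cookie name, admin range, log layout and the 200/302 login-success codes are assumptions; the advisory does not publish the real configuration file URL.

```python
import ipaddress
import re

# Assumptions, not from the advisory: paths, cookie name, admin range, log layout.
CONFIG_PATH = "/PLACEHOLDER/core-config"  # real path is not published on the page
LOGIN_PATH = "/PLACEHOLDER/login"
SESSION_COOKIE = "session"  # hypothetical cookie name
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # constructed jump-host range
LINE = re.compile(
    r'(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) \d+ cookie="(?P<cookie>[^"]*)"')

def has_session(cookie_header):
    """True if a non-empty session cookie is present (presence, not validity)."""
    pairs = (p.strip().partition("=") for p in cookie_header.split(";"))
    return any(name == SESSION_COOKIE and value for name, _, value in pairs)

def is_admin(src):
    return any(ipaddress.ip_address(src) in net for net in ADMIN_NETS)

def detect(lines):
    """Return (severity, timestamp, source, reason) findings in log order."""
    findings, leaked_to = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        src, path, status = m["src"], m["path"].split("?")[0], int(m["status"])
        if path == CONFIG_PATH and status == 200:
            if not has_session(m["cookie"]):
                leaked_to.add(src)  # treat stored credentials as exposed to src
                findings.append(("high", m["ts"], src, "config served without session cookie"))
            elif not is_admin(src):
                findings.append(("medium", m["ts"], src, "config served outside admin range"))
        elif (path == LOGIN_PATH and m["method"] == "POST"
              and status in (200, 302) and src in leaked_to):
            findings.append(("critical", m["ts"], src, "login accepted after config download"))
    return findings

SAMPLE_LOG = [  # constructed lines, not captured from a real device
    '2026-01-06T15:01:02Z 10.20.0.5 "GET /PLACEHOLDER/core-config" 200 4096 cookie="session=ab12"',
    '2026-01-06T15:07:40Z 192.0.2.44 "GET /PLACEHOLDER/core-config" 200 4096 cookie=""',
    '2026-01-06T15:08:11Z 192.0.2.44 "POST /PLACEHOLDER/login" 302 0 cookie=""',
    '2026-01-06T15:09:02Z 203.0.113.9 "GET /PLACEHOLDER/core-config" 200 4096 cookie="session=zz"',
    '2026-01-06T15:09:30Z 198.51.100.7 "GET /PLACEHOLDER/core-config" 403 0 cookie=""',
]
if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

A "critical" finding means the credentials in the configuration file should be treated as compromised and rotated, as the credential-change recommendation above advises.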
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 695d2ca3326bcb029a2b3039
Added to database: 1/6/2026, 3:39:15 PM
Last enriched: 1/6/2026, 3:53:50 PM
Last updated: 1/8/2026, 2:27:22 PM