CVE-2025-66963 identifies a vulnerability in the Hitron HI3120 device firmware version 7.2.4.5.2b1, specifically related to the Logout option in the index.html interface. The flaw allows a local attacker with low privileges (PR:L) to access sensitive information that should otherwise be protected, indicating an information disclosure vulnerability classified under CWE-200. The vulnerability does not require user interaction (UI:N) and affects confidentiality (C:H) without impacting integrity or availability. The attack vector is local (AV:L), meaning the attacker must have local access to the device, such as through physical access or a compromised internal network. The vulnerability likely stems from improper handling of session termination or insufficient access controls on the logout functionality, allowing unauthorized data exposure. The CVSS score of 5.5 reflects a medium severity level, balancing the high confidentiality impact against the limited attack vector and privileges required. No patches or known exploits have been reported as of the publication date, indicating that the vulnerability is newly disclosed and unexploited in the wild. Organizations using Hitron HI3120 devices should evaluate their exposure, especially if these devices are deployed in sensitive environments or accessible by multiple users. The vulnerability underscores the importance of secure session management and access control in embedded device web interfaces.

For European organizations, the primary impact of CVE-2025-66963 is the potential unauthorized disclosure of sensitive information stored or accessible via the Hitron HI3120 device's web interface. This could include configuration details, credentials, or network information that an attacker could leverage for further attacks or lateral movement within the network. While the vulnerability does not allow modification or disruption of device operations, the confidentiality breach could compromise organizational security posture, especially in sectors like telecommunications, critical infrastructure, or enterprises relying on these devices for network connectivity. The requirement for local access limits the risk from remote attackers but raises concerns in environments where physical or internal network access is less controlled, such as shared office spaces or multi-tenant facilities. The absence of known exploits reduces immediate risk but also means organizations should proactively address the vulnerability to prevent future exploitation. Overall, the impact is moderate but significant enough to warrant attention in risk assessments and security controls.

1. Restrict physical and local network access to Hitron HI3120 devices to trusted personnel only, minimizing the risk of local attackers exploiting the vulnerability. 2. Implement network segmentation to isolate devices with vulnerable firmware from general user networks, reducing exposure. 3. Monitor device access logs and network traffic for unusual activity around the web interface, especially logout actions. 4. Disable or restrict web interface access where possible, or enforce strong authentication and session management policies. 5. Engage with Hitron or device vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 6. Consider replacing or upgrading devices if patches are delayed or unavailable, particularly in high-security environments. 7. Educate staff about the risks of local device access and enforce strict physical security controls in sensitive areas. 8. Regularly audit device configurations and firmware versions to ensure compliance with security policies.