CVE-2025-67112: n/a
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.
AI Analysis
Technical Summary
CVE-2025-67112 is a cryptographic vulnerability in the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware in versions before DG3934v3@2308041842. The issue stems from a hard-coded AES-256-CBC encryption key embedded in the device's configuration backup and restore mechanism. This key encrypts and decrypts the configuration files that can be exported or imported through the device's graphical user interface (GUI). Because the key is static and identical across every unit running the firmware, any remote authenticated user with access to the GUI import/export functions can decrypt an existing configuration backup, modify sensitive parameters such as credentials or privilege settings, and re-encrypt the file. When the manipulated configuration is restored, the attacker can escalate privileges or gain unauthorized access to device functions. Exploitation requires authentication to the device's GUI, but no further user interaction once authenticated. The flaw compromises the confidentiality and integrity of device configurations and could allow attackers to control or disrupt the device. No public exploits have been reported, and no CVSS score has been assigned. The affected firmware runs on a small cell device used in certain telecom and private network deployments.
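The weakness described above beside its fix, as an added example that is not the device's firmware code: a firmware-wide constant CBC key lets any holder decrypt, edit and re-encrypt a backup, whereas deriving the key per device from a device-unique secret and using AES-256-GCM makes an edited, truncated or foreign backup fail to open instead of being restored. The secret handling, the purpose label and the names SealBackup/OpenBackup are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const backupLabel = "config-backup-v1" // bound into the key and the AEAD data
// backupAEAD derives the per-device AES-256 key from a device-unique secret
// (assumed in protected storage, not the firmware image) and wraps it in GCM.
func backupAEAD(deviceSecret []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, deviceSecret)
	mac.Write([]byte(backupLabel))
	block, err := aes.NewCipher(mac.Sum(nil)) // 32-byte key -> AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBackup: fresh nonce plus auth tag, so an edited blob cannot be re-imported.
func SealBackup(deviceSecret, config []byte) ([]byte, error) {
	aead, err := backupAEAD(deviceSecret)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, config, []byte(backupLabel)), nil
}

// OpenBackup verifies the tag before returning plaintext; a tampered,
// truncated or foreign backup is rejected instead of restored.
func OpenBackup(deviceSecret, blob []byte) ([]byte, error) {
	aead, err := backupAEAD(deviceSecret)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("backup too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(backupLabel))
}
```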
Potential Impact
The vulnerability allows attackers with valid credentials to fully decrypt and modify device configurations, which can lead to unauthorized privilege escalation and credential manipulation. This undermines the confidentiality and integrity of the device’s configuration data, potentially allowing attackers to gain administrative control or disrupt network operations. Organizations deploying these devices in private LTE/5G networks or telecom infrastructure could face risks including unauthorized network access, interception of communications, and service disruption. The ability to alter configurations remotely increases the attack surface and could facilitate lateral movement within networks. Although exploitation requires authentication, compromised or weak credentials could enable attackers to leverage this vulnerability. The absence of a patch at the time of disclosure means affected organizations remain exposed until firmware updates are applied. The impact is particularly critical for environments relying on these devices for secure network access and communications.
Mitigation Recommendations
1. Immediately update affected devices to firmware version DG3934v3@2308041842 or later, where the hard-coded key issue is resolved.
2. Restrict GUI access to trusted networks and enforce strong authentication mechanisms, including multi-factor authentication if supported.
3. Regularly audit and rotate device credentials to reduce the risk of credential compromise.
4. Monitor device logs for unusual import/export activity that could indicate exploitation attempts.
5. Employ network segmentation to isolate small cell devices from broader enterprise networks, limiting attacker movement.
6. If firmware updates are not immediately available, consider disabling configuration backup/restore features or restricting their use to trusted administrators only.
7. Implement strict access controls and network-level protections such as VPNs or IP whitelisting for management interfaces.
8. Educate administrators on the risks of using default or weak credentials and the importance of timely patching.
Affected Countries
United States, Canada, Germany, United Kingdom, Australia, Japan, South Korea, France, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69bc34d3e32a4fbe5fe2fca2
Added to database: 3/19/2026, 5:39:31 PM
Last enriched: 3/19/2026, 5:55:15 PM
Last updated: 3/20/2026, 5:16:46 AM