ГлавнаяУязвимости → CVE-2025-41733
9.8критическая

CVE-2025-41733

Описание

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.

Затрагиваемое ПО
Metz-connect Ewio2-m firmwareMetz-connect Ewio2-mMetz-connect Ewio2-m-bm firmwareMetz-connect Ewio2-m-bmMetz-connect Ewio2-bm firmwareMetz-connect Ewio2-bm
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://certvde.com/de/advisories/VDE-2025-097