CVE-2025-1204 · CVEKit

cve.orgen

388 chars

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.

NVDen

388 chars

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.

NVDes

421 chars

El binario "update" en el firmware del producto afectado envía intentos de montaje a una dirección IP enrutable y codificada, omitiendo para ello la configuración de red existente del dispositivo. La función se activa si se presiona el botón "C" en un momento específico durante el proceso de arranque. Si un atacante puede controlar o suplantar esta dirección IP, podría cargar y sobrescribir archivos en el dispositivo.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	7.7	—	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	7.7	—	—