CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.

Advantech WISE-DeviceOn Server versiones anteriores a 5.4 tienen una vulnerabilidad de clave criptográfica almacenada en el código. El producto utiliza un secreto HMAC HS512 estático para firmar los JWT de EIRMMToken en todas las instalaciones. El servidor acepta JWT falsificados que solo necesitan contener un email claim válido, lo que permite a un atacante remoto no autenticado generar tokens arbitrarios y suplantar cualquier cuenta de DeviceOn, incluyendo la cuenta de superadministrador raíz. La explotación exitosa permite el control total como administrador de la instancia de DeviceOn y puede ser aprovechada para ejecutar código en agentes gestionados a través de las funciones de gestión remota de DeviceOn.