216.73.216.133

CVE-2025-5484

· Published 12/06/2025 20:15 · Modified 12/06/2025 20:15

Labels: CVE-2025-5484 2025-06-12CVE-2025-5484CWE-1390[email protected]

Essential information

Published
12/06/2025 20:15
Modified
12/06/2025 20:15
Author
Creator
CVSS
7.6 HIGH (v3) 7.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sino track / device management interface cpe:2.3:a:sino_track:device_management_interface:*:*:*:*:*:*:*:*

References