216.73.217.172

CVE-2025-59105

· Published 26/01/2026 10:16 · Modified 26/01/2026 15:03

Labels: CVE-2025-59105 2026-01-26551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-59105CWE-312

Essential information

Published
26/01/2026 10:16
Modified
26/01/2026 15:03
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and read, in order to gain SSH root access on the Linux-based K7 model. On the Windows CE based K5 model, the password for the Access Manager can additionally be read in plain text from the stored SQLite database.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / k7 cpe:2.3:a:*:k7:*:*:*:*:*:*:*:*
* / k5 cpe:2.3:a:*:k5:*:*:*:*:*:*:*:*

References