egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass_CVE-2025-41702

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.

Basic Information

ID CVE-2025-41702

Source CERTVDE

Published Aug 26, 2025 at 06:10

Affected Product

Vendor Welotec

Product EG400Mk2-D11001-000101

Version 0.0.0

Affected Versions Welotec EG400Mk2-D11001-000101 0.0.0
Welotec EG400Mk2-D11001-000101 v1.8.0
Welotec EG400Mk2-D11101-000101 0.0.0
Welotec EG400Mk2-D11101-000101 v1.8.0
Welotec EG503W 0.0.0
Welotec EG503W v1.8.0
Welotec EG503L 0.0.0
Welotec EG503L v1.8.0
Welotec EG503W_4GB 0.0.0
Welotec EG503W_4GB v1.8.0
Welotec EG503L_4GB 0.0.0
Welotec EG503L_4GB v1.8.0
Welotec EG503L-G 0.0.0
Welotec EG503L-G v1.8.0
Welotec EG500Mk2-A11101-000101 0.0.0
Welotec EG500Mk2-A11101-000101 v1.8.0
Welotec EG500Mk2-A11001-000101 0.0.0
Welotec EG500Mk2-A11001-000101 v1.8.0
Welotec EG500Mk2-B11101-000101 0.0.0
Welotec EG500Mk2-B11101-000101 v1.8.0
Welotec EG500Mk2-B11001-000101 0.0.0
Welotec EG500Mk2-B11001-000101 v1.8.0
Welotec EG500Mk2-C11101-000101 0.0.0
Welotec EG500Mk2-C11101-000101 v1.8.0
Welotec EG500Mk2-C11001-000101 0.0.0
Welotec EG500Mk2-C11001-000101 v1.8.0
Welotec EG500Mk2-A12011-000101 0.0.0
Welotec EG500Mk2-A12011-000101 v1.8.0
Welotec EG500Mk2-A11001-000201 0.0.0
Welotec EG500Mk2-A11001-000201 v1.8.0
Welotec EG500Mk2-A21101-000101 0.0.0
Welotec EG500Mk2-A21101-000101 v1.8.0
Welotec EG602W 0.0.0
Welotec EG602W v1.8.0
Welotec EG602L 0.0.0
Welotec EG602L v1.8.0
Welotec EG603W Mk2 0.0.0
Welotec EG603W Mk2 v1.8.0
Welotec EG603L Mk2 0.0.0
Welotec EG603L Mk2 v1.8.0
Welotec EG802W 0.0.0
Welotec EG802W v1.8.0
Welotec EG804W 0.0.0
Welotec EG804W v1.8.0
Welotec EG802W_i7_512GB_DinRail 0.0.0
Welotec EG802W_i7_512GB_DinRail v1.8.0
Welotec EG802W_i7_512GB_w/o DinRail 0.0.0
Welotec EG802W_i7_512GB_w/o DinRail v1.8.0
Welotec EG804W Pro 0.0.0
Welotec EG804W Pro v1.8.0

CWE Classification

CWE-321

References

certvde.com /de/advisories/VDE-2025-076

{
    "lastseen": "",
    "description": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.",
    "published": "2025-08-26T06:10:57.464Z",
    "modified": "2025-08-26T06:10:57.464Z",
    "type": "cve",
    "title": "egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2025-076",
    "id": "CVE-2025-41702",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "Welotec EG400Mk2-D11001-000101 0.0.0\nWelotec EG400Mk2-D11001-000101 v1.8.0\nWelotec EG400Mk2-D11101-000101 0.0.0\nWelotec EG400Mk2-D11101-000101 v1.8.0\nWelotec EG503W 0.0.0\nWelotec EG503W v1.8.0\nWelotec EG503L 0.0.0\nWelotec EG503L v1.8.0\nWelotec EG503W_4GB 0.0.0\nWelotec EG503W_4GB v1.8.0\nWelotec EG503L_4GB 0.0.0\nWelotec EG503L_4GB v1.8.0\nWelotec EG503L-G 0.0.0\nWelotec EG503L-G v1.8.0\nWelotec EG500Mk2-A11101-000101 0.0.0\nWelotec EG500Mk2-A11101-000101 v1.8.0\nWelotec EG500Mk2-A11001-000101 0.0.0\nWelotec EG500Mk2-A11001-000101 v1.8.0\nWelotec EG500Mk2-B11101-000101 0.0.0\nWelotec EG500Mk2-B11101-000101 v1.8.0\nWelotec EG500Mk2-B11001-000101 0.0.0\nWelotec EG500Mk2-B11001-000101 v1.8.0\nWelotec EG500Mk2-C11101-000101 0.0.0\nWelotec EG500Mk2-C11101-000101 v1.8.0\nWelotec EG500Mk2-C11001-000101 0.0.0\nWelotec EG500Mk2-C11001-000101 v1.8.0\nWelotec EG500Mk2-A12011-000101 0.0.0\nWelotec EG500Mk2-A12011-000101 v1.8.0\nWelotec EG500Mk2-A11001-000201 0.0.0\nWelotec EG500Mk2-A11001-000201 v1.8.0\nWelotec EG500Mk2-A21101-000101 0.0.0\nWelotec EG500Mk2-A21101-000101 v1.8.0\nWelotec EG602W 0.0.0\nWelotec EG602W v1.8.0\nWelotec EG602L 0.0.0\nWelotec EG602L v1.8.0\nWelotec EG603W Mk2 0.0.0\nWelotec EG603W Mk2 v1.8.0\nWelotec EG603L Mk2 0.0.0\nWelotec EG603L Mk2 v1.8.0\nWelotec EG802W 0.0.0\nWelotec EG802W v1.8.0\nWelotec EG804W 0.0.0\nWelotec EG804W v1.8.0\nWelotec EG802W_i7_512GB_DinRail 0.0.0\nWelotec EG802W_i7_512GB_DinRail v1.8.0\nWelotec EG802W_i7_512GB_w/o DinRail 0.0.0\nWelotec EG802W_i7_512GB_w/o DinRail v1.8.0\nWelotec EG804W Pro 0.0.0\nWelotec EG804W Pro v1.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EG400Mk2-D11001-000101",
    "version": "0.0.0",
    "vendor": "Welotec",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}