Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11284

Source VulDB

Published Oct 5, 2025 at 05:32

Affected Product

Vendor Zytec Dalian Zhuoyun Technology

Product Central Authentication Service

Version 3

Affected Versions Zytec Dalian Zhuoyun Technology Central Authentication Service 3

CWE Classification

CWE-259 CWE-255

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-05T05:32:06.385Z",
    "modified": "2025-10-05T05:32:06.385Z",
    "type": "cve",
    "title": "Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327042\nhttps://vuldb.com/?ctiid.327042\nhttps://vuldb.com/?submit.659701\nhttp://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/fbnoABGFBEGPcvgmowepgokwj293t0-23t202jk9t0.html",
    "id": "CVE-2025-11284",
    "bulletinFamily": "",
    "cwe": [
        "CWE-259",
        "CWE-255"
    ],
    "cvelist": null,
    "sourceData": "Zytec Dalian Zhuoyun Technology Central Authentication Service 3",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Central Authentication Service",
    "version": "3",
    "vendor": "Zytec Dalian Zhuoyun Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password_CVE-2025-11284