70mai X200 HTTP Web Server default credentials_CVE-2025-11943

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11943

Source VulDB

Published Oct 19, 2025 at 19:32

Affected Product

Vendor 70mai

Product X200

Version 20251010

Affected Versions 70mai X200 20251010

CWE Classification

CWE-1392

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-19T19:32:05.817Z",
    "modified": "2025-10-19T19:32:05.817Z",
    "type": "cve",
    "title": "70mai X200 HTTP Web Server default credentials",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329022\nhttps://vuldb.com/?ctiid.329022\nhttps://vuldb.com/?submit.672521\nhttps://github.com/geo-chen/70mai/blob/main/README.md#finding-10-exposed-root-password-via-unauthenticated-http-server",
    "id": "CVE-2025-11943",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "70mai X200 20251010",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X200",
    "version": "20251010",
    "vendor": "70mai",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}