CVE Details
Basic Information
| Title | Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication |
|---|---|
| Type | cve |
| Published | 2025-06-02T08:31:04.779Z |
| Last Seen | |
Product Information
| Vendor | Multilaser |
|---|---|
| Product | Sirius RE016 |
| Version | MLT1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in Multilaser Sirius RE016 MLT1.0 allows remote attackers to bypass authentication via the /cgi-bin/cstecgi.cgi file. The vendor has not responded to disclosure attempts, and the exploit is publicly available. |
|---|---|
| AI Severity | Medium |
| Vendor | Multilaser |
| Product | Sirius RE016 |
| Affected Version | MLT1.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-287 |
| Bulletin Family | |
| Source Data | Multilaser Sirius RE016 MLT1.0 |
Source Information
| Source Data | Multilaser Sirius RE016 MLT1.0 |
|---|---|
| Source Link | |
Description
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.