CVE Details
Basic Information
| Title | 70mai M300 Web Server access control |
|---|---|
| Type | cve |
| Published | 2025-06-23T22:00:15.277Z |
| Last Seen |
Product Information
| Vendor | 70mai |
|---|---|
| Product | M300 |
| Version | 20250611 |
CVSS Information
| Base Score | 2.3 (LOW) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A low-severity vulnerability in the 70mai M300’s Web Server component related to improper access controls. The issue can only be exploited locally and requires high complexity, making it difficult to exploit. |
|---|---|
| AI Severity | Low |
| Vendor | 70mai |
| Product | M300 |
| Affected Version | 20250611 |
Affected Products
- 70mai M300 20250611
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-284, CWE-266 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.