CVE Details
Basic Information
| Title | 70mai M300 HTTP Server insufficiently protected credentials |
|---|---|
| Type | cve |
| Published | 2025-06-23T22:00:13.932Z |
| Last Seen |
Product Information
| Vendor | 70mai |
|---|---|
| Product | M300 |
| Version | 20250611 |
CVSS Information
| Base Score | 2.3 (LOW) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in the 70mai M300’s HTTP server exposes insufficiently protected credentials. The issue requires local network access and has high attack complexity, making exploitation difficult. The exploit is publicly disclosed. |
|---|---|
| AI Severity | Low |
| Vendor | 70mai |
| Product | 70mai M300 |
| Affected Version | 20250611 |
Affected Products
- 70mai M300 20250611
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-522 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.