{"id":6236,"date":"2025-06-02T04:29:22","date_gmt":"2025-06-02T04:29:22","guid":{"rendered":"http:\/\/localhost\/?p=6236"},"modified":"2025-06-02T04:29:22","modified_gmt":"2025-06-02T04:29:22","slug":"multilaser-sirius-re016-password-change-cstecgicgi-improper-authentication","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6236","title":{"rendered":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication"},"content":{"rendered":"

CVE Details<\/h2>\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nMultilaser Sirius RE016 Password Change cstecgi.cgi improper authentication<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-02T08:31:04.779Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nMultilaser<\/td>\n<\/tr>\n
Product<\/th>\nSirius RE016<\/td>\n<\/tr>\n
Version<\/th>\nMLT1.0<\/td>\n<\/tr>\n<\/table>\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in Multilaser Sirius RE016 MLT1.0 allows remote attackers to bypass authentication via the \/cgi-bin\/cstecgi.cgi file. The vendor has not responded to disclosure attempts, and the exploit is publicly available.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nMultilaser<\/td>\n<\/tr>\n
Product<\/th>\nSirius RE016<\/td>\n<\/tr>\n
Affected Version<\/th>\nMLT1.0<\/td>\n<\/tr>\n<\/table>\n

Additional Information<\/h3>\n\n\n\n\n\n
CVE List<\/th>\n<\/td>\n<\/tr>\n
CWE List<\/th>\nCWE-287<\/td>\n<\/tr>\n
Bulletin Family<\/th>\n<\/td>\n<\/tr>\n
Source Data<\/th>\nMultilaser Sirius RE016 MLT1.0<\/td>\n<\/tr>\n<\/table>\n

Source Information<\/h3>\n\n\n\n
Source Data<\/th>\nMultilaser Sirius RE016 MLT1.0<\/td>\n<\/tr>\n
Source Link<\/th>\n<\/a><\/td>\n<\/tr>\n<\/table>\n

Description<\/h3>\n
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file \/cgi-bin\/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<\/div>\n

CVSS Score Summary<\/h3>\n
\n

Base Score:<\/strong> 6.9 (MEDIUM)<\/span><\/p>\n<\/div>\n

View Full CVE Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

CVE Details Basic Information Title Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication Type cve Published 2025-06-02T08:31:04.779Z Last Seen Product Information Vendor Multilaser Product Sirius…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,48,12,21,13,7,11,5],"class_list":["post-6236","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nMultilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6236\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication Type cve Published 2025-06-02T08:31:04.779Z Last Seen Product Information Vendor Multilaser Product Sirius...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6236\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-02T04:29:22+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication\",\"datePublished\":\"2025-06-02T04:29:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236\"},\"wordCount\":233,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6236#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236\",\"name\":\"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-02T04:29:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6236\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6236#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6236","og_locale":"en_US","og_type":"article","og_title":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem","og_description":"CVE Details Basic Information Title Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication Type cve Published 2025-06-02T08:31:04.779Z Last Seen Product Information Vendor Multilaser Product Sirius...","og_url":"https:\/\/zero.redgem.net\/?p=6236","og_site_name":"zero redgem","article_published_time":"2025-06-02T04:29:22+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6236#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6236"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication","datePublished":"2025-06-02T04:29:22+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6236"},"wordCount":233,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6236#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6236","url":"https:\/\/zero.redgem.net\/?p=6236","name":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-02T04:29:22+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6236#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6236"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6236#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6236"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6236\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}