CVE-2025-1882

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

CVSS v3 5.0 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 3.2 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/geo-chen/i-Drive	Third Party Advisory
https://vuldb.com/?ctiid.298196	Permissions Required
https://vuldb.com/?id.298196	Permissions Required
https://vuldb.com/?submit.510955	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:i-drive:i11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:i-drive:i11:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:i-drive:i12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:i-drive:i12:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-03 21:15

Updated : 2025-03-05 15:18

NVD link : CVE-2025-1882

Mitre link : CVE-2025-1882

CVE.ORG link : CVE-2025-1882

JSON object : View

Products Affected

i-drive

i11
i11_firmware
i12_firmware
i12

CWE

CWE-284

Improper Access Control

CWE-1262

Improper Access Control for Register Interface

NVD-CWE-Other

{"id": "CVE-2025-1882", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.2, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-03T21:15:18.267", "references": [{"url": "https://github.com/geo-chen/i-Drive", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.298196", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://vuldb.com/?id.298196", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.510955", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-1262"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en i-Drive i11 e i12 hasta 20250227. Se ha calificado como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del componente Device Setting Handler. La manipulaci\u00f3n conduce a un control de acceso inadecuado para la interfaz de registro. El ataque debe realizarse dentro de la red local. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. No fue posible identificar al responsable actual del mantenimiento del producto. Se debe asumir que el producto ha llegado al final de su vida \u00fatil."}], "lastModified": "2025-03-05T15:18:54.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:i-drive:i11_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F190E901-E255-488B-8393-25824B55501C", "versionEndIncluding": "20250227"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:i-drive:i11:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1AC63E40-205E-4842-9C3C-227A37310C37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:i-drive:i12_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F0904B4-A160-4619-B46A-E399C7C0B339", "versionEndIncluding": "20250227"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:i-drive:i12:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7D9B7F71-2A76-4A8F-8474-E21D8529E794"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}