CVE-2025-48416

{"id": "CVE-2025-48416", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-05-21T13:16:02.947", "references": [{"url": "https://r.sec-consult.com/echarge", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "http://seclists.org/fulldisclosure/2025/May/23", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the \"/etc/shadow\" file in the firmware image for the \"root\" user. However, in the default SSH configuration the \"PermitRootLogin\" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though."}, {"lang": "es", "value": "Un demonio OpenSSH escucha en el puerto TCP 22. Hay una entrada incluida en el archivo \u00ab/etc/shadow\u00bb en la imagen del firmware para el usuario \u00abroot\u00bb. Sin embargo, en la configuraci\u00f3n SSH por defecto el \u00abPermitRootLogin\u00bb est\u00e1 desactivado, impidiendo que el usuario root inicie sesi\u00f3n a trav\u00e9s de SSH. No obstante, esta configuraci\u00f3n puede ser evitada/cambiada por un atacante de m\u00faltiples formas."}], "lastModified": "2025-11-03T20:19:06.773", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}