Description
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
Published: 2026-03-11
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass with Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

This vulnerability exists in eWON Firmware versions 12.2 through 13.0 and allows an attacker with minimal privileges to bypass authentication. By sending a POST request to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter, an attacker can retrieve the encrypted passwords of all users. Because the passwords are protected only with a hardcoded XOR key, they can then be decrypted, resulting in credential compromise. The weakness is classified as CWE-798 (use of hard-coded credentials).

Affected Systems

The affected product is eWON firmware from the vendor eWON, specifically versions 12.2 to 13.0.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, indicating high severity, but its EPSS score is below 1%, suggesting a low likelihood of exploitation. It is not listed in the CISA KEV catalog. Attackers need network access to the device and can exploit the vulnerability remotely by crafting requests to the vulnerable endpoint, thereby extracting sensitive credential data.

Generated by OpenCVE AI on March 17, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any available firmware update or patch issued by eWON that addresses the authentication bypass.
  • If a patch is not yet available, block or restrict access to the /wrcgi.bin/wsdReadForm endpoint using firewall or web-application-control rules so only authorized management traffic can reach the device.
  • Monitor device logs for suspicious POST requests to /wrcgi.bin/wsdReadForm and investigate any anomalies promptly.
  • Consider disabling the wsdReadForm feature if the device configuration permits.
  • Keep the device firmware updated as soon as an official fix becomes available to eliminate the underlying credential management flaw.
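The monitoring step above can be turned into a small log check. The following Python script is an added example, not part of the OpenCVE page or of any eWON tooling: it assumes the device's web access log can be exported in Common Log Format (an assumption, since the page does not describe eWON's log format) and that a known set of management hosts is authorized to reach the interface. It flags POST requests to /wrcgi.bin/wsdReadForm from any other source and tallies them per client, which is the pattern the recommended actions say to watch for. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample log lines in Common Log Format. The addresses, timestamps
# and sizes are made up for this example and do not come from any real device.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Mar/2026:10:02:11 +0000] "GET /index.htm HTTP/1.1" 200 5120
10.0.0.5 - - [11/Mar/2026:10:02:15 +0000] "POST /wrcgi.bin/wsdReadForm HTTP/1.1" 200 2048
198.51.100.23 - - [11/Mar/2026:10:03:01 +0000] "POST /wrcgi.bin/wsdReadForm HTTP/1.1" 200 1980
198.51.100.23 - - [11/Mar/2026:10:03:02 +0000] "POST /wrcgi.bin/wsdReadForm HTTP/1.1" 200 1977
198.51.100.23 - - [11/Mar/2026:10:03:04 +0000] "POST /wrcgi.bin/wsdReadForm HTTP/1.1" 401 120
203.0.113.9 - - [11/Mar/2026:10:05:30 +0000] "GET /wrcgi.bin/wsdReadForm HTTP/1.1" 405 0
"""

# Hosts permitted to talk to the management interface (assumed for the example;
# in practice this comes from the site's network documentation).
AUTHORIZED_MGMT_HOSTS = {"10.0.0.5"}

# The endpoint named in the advisory.
TARGET_PATH = "/wrcgi.bin/wsdReadForm"

# Common Log Format: client, ident, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string so the endpoint match is not defeated by "?x=y".
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def find_suspicious(log_text, authorized=AUTHORIZED_MGMT_HOSTS, target=TARGET_PATH):
    """Return (hits, per_source): POSTs to the wsdReadForm endpoint from hosts
    outside the authorized management set, and a per-client count of them."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == target and rec["src"] not in authorized:
            hits.append(rec)
    per_source = Counter(h["src"] for h in hits)
    return hits, per_source


def summarize(hits, per_source):
    """One human-readable line per offending client, most active first.
    A 200 response is worth calling out because it means the request was served."""
    lines = []
    for src, n in per_source.most_common():
        served = sum(1 for h in hits if h["src"] == src and h["status"] == 200)
        lines.append(f"{src}: {n} POST(s) to {TARGET_PATH}, {served} returned 200")
    return lines


if __name__ == "__main__":
    hits, per_source = find_suspicious(SAMPLE_LOG)
    for line in summarize(hits, per_source):
        print(line)
```

On the constructed input the script reports only 198.51.100.23 (three POSTs, two of them answered with 200); the POST from the authorized host and the GET from 203.0.113.9 are ignored. Feed it the real exported log instead of SAMPLE_LOG and adjust AUTHORIZED_MGMT_HOSTS to the site's management network.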


Tracking


Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Ewon; Ewon ewon

Type: Vendors & Products
Values Removed: none
Values Added: Ewon; Ewon ewon

Wed, 11 Mar 2026 20:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 18:45:00 +0000

Type: Description
Values Removed: none
Values Added: eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.

Type: Title
Values Removed: none
Values Added: eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm

Type: Weaknesses
Values Removed: none
Values Added: CWE-798

Type: References
Values Removed: none
Values Added:

Type: Metrics
Values Removed: none
Values Added: cvssV3_1
{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
cvssV4_0
{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:28.379Z

Reserved: 2026-02-22T14:42:43.546Z

Link: CVE-2019-25470

Vulnrichment

Updated: 2026-03-11T19:22:57.354Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T19:16:00.613

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25470

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:49Z

Weaknesses