{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2771", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-03-24T19:44:28.532Z", "datePublished": "2025-04-23T16:52:10.775Z", "dateUpdated": "2025-04-23T17:50:26.583Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-04-23T16:52:10.775Z"}, "title": "BEC Technologies Multiple Routers Authentication Bypass Vulnerability", "descriptions": [{"lang": "en", "value": "BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894."}], "affected": [{"vendor": "BEC Technologies", "product": "Multiple Routers", "versions": [{"version": "1.04.1.512, 1.04.1.542", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-184/", "name": "ZDI-25-184", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-03-24T19:44:28.576Z", "datePublic": "2025-03-25T23:23:10.590Z", "source": {"lang": "en", "value": "Steven C Yu of Trend Micro Research"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T17:50:15.758032Z", "id": "CVE-2025-2771", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T17:50:26.583Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T17:50:15.758032Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T17:50:22.474Z"}}], "cna": {"title": "BEC Technologies Multiple Routers Authentication Bypass Vulnerability", "source": {"lang": "en", "value": "Steven C Yu of Trend Micro Research"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "BEC Technologies", "product": "Multiple Routers", "versions": [{"status": "affected", "version": "1.04.1.512, 1.04.1.542"}], "defaultStatus": "unknown"}], "datePublic": "2025-03-25T23:23:10.590Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-184/", "name": "ZDI-25-184", "tags": ["x_research-advisory"]}], "dateAssigned": "2025-03-24T19:44:28.576Z", "descriptions": [{"lang": "en", "value": "BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-04-23T16:52:10.775Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2771", "state": "PUBLISHED", "dateUpdated": "2025-04-23T17:50:26.583Z", "dateReserved": "2025-03-24T19:44:28.532Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-04-23T16:52:10.775Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bectechnologies:router_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B67386D-1A8A-462E-B088-16742C92DA66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en m\u00faltiples enrutadores de BEC Technologies. Esta vulnerabilidad permite a atacantes remotos omitir la autenticaci\u00f3n en las instalaciones afectadas de enrutadores de BEC Technologies. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica se encuentra en la interfaz de usuario web. El problema se debe a la falta de autenticaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticaci\u00f3n en el sistema. Anteriormente, se denomin\u00f3 ZDI-CAN-25894."}], "id": "CVE-2025-2771", "lastModified": "2025-08-18T15:55:21.937", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-04-23T17:16:55.160", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-184/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{}