A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords".
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sony | SNC-M1 | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-M3 | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-RZ25N | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-RZ30N | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-DS10 | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-CS3N | affected |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sony | SNC-RX570N | affected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-16220 | A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords". |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 28 May 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 24 May 2025 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords". | |
| Title | Sony SNC-M1 Administrative Interface default credentials | |
| Weaknesses | CWE-1392 | |
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2025-05-28T17:40:32.611Z
Reserved: 2025-05-23T17:58:19.738Z
Link: CVE-2025-5124
Vulnrichment
Updated: 2025-05-27T14:23:38.728Z
NVD
Status : Awaiting Analysis
Published: 2025-05-24T13:15:19.390
Modified: 2025-05-28T18:15:27.973
Link: CVE-2025-5124
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses