Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2025-30805 | The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 14 Oct 2025 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
2wcom ip-4c Firmware
|
|
CPEs | cpe:2.3:h:2wcom:ip-4c:-:*:*:*:*:*:*:* cpe:2.3:o:2wcom:ip-4c_firmware:2.15.5:*:*:*:*:*:*:* |
|
Vendors & Products |
2wcom ip-4c Firmware
|
Tue, 23 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 | |
Metrics |
cvssV3_1
|
Tue, 23 Sep 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
2wcom
2wcom ip-4c |
|
Vendors & Products |
2wcom
2wcom ip-4c |
Mon, 22 Sep 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-23T18:13:40.814Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-57433

Updated: 2025-09-23T16:04:42.388Z

Status : Analyzed
Published: 2025-09-22T16:15:44.890
Modified: 2025-10-14T19:56:41.777
Link: CVE-2025-57433

No data.

Updated: 2025-09-23T16:09:56Z