The CVE description has been updated, but it still identifies a missing authentication check in a critical function of ePati’s Antikor Next Generation Firewall. This flaw allows an attacker to bypass login credentials and gain unrestricted access to the device’s administrative interface, potentially enabling configuration changes or other privileged actions that should be reserved for authenticated users.

ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) versions 2.0.1298 through 2.0.1300 are affected. Versions 2.0.1301 and later contain the fix for the missing authentication issue.

The vulnerability is rated CVSS 9.8, indicating critical severity, and the EPSS score is approximately 3%, reflecting a low to moderate probability of exploitation. It is not listed in the CISA KEV catalog. The attack vector is inferred to be remote or local to management interfaces, as the flaw removes all authentication requirements. An attacker with access to the firewall management network can exploit it without needing valid credentials or social engineering, making the risk high for organizations that expose the management interfaces to broader networks.