A missing authentication check in a critical function of ePati Cyber Security Technologies' Antikor Next Generation Firewall allows an attacker to bypass login credentials and gain unrestricted access to the device's administrative interface. By exploiting this flaw, an attacker could potentially modify firewall configurations or perform other actions that an authenticated administrator would normally have permission to execute, thereby undermining the device’s intended security controls. The vulnerability therefore exposes the firewall to possible configuration changes and unauthorized use of administrative capabilities.

ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) versions 2.0.1298 through 2.0.1300 are affected. Versions 2.0.1301 and later contain the fix for the missing authentication issue.

The vulnerability is rated CVSS 9.8, indicating critical severity, and the EPSS score is approximately 2.6%, reflecting a low to moderate probability of exploitation. It is not listed in the CISA KEV catalog. The attack vector is inferred to be remote or local to management interfaces, as the flaw removes all authentication requirements. An attacker with access to the firewall management network can exploit it without needing valid credentials or social engineering, making the risk high for organizations that expose the management interfaces to broader networks.