Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-65855

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Dec, 2025 | 00:00
Updated At-17 Dec, 2025 | 16:52
Rejected At-
Credits

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Dec, 2025 | 00:00
Updated At:17 Dec, 2025 | 16:52
Rejected At:
▼CVE Numbering Authority (CNA)

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.espressif.com/projects/esp-idf/en/v4.3.2/
N/A
https://luismirandaacebedo.github.io/CVE-2025-65855/
N/A
Hyperlink: https://docs.espressif.com/projects/esp-idf/en/v4.3.2/
Resource: N/A
Hyperlink: https://luismirandaacebedo.github.io/CVE-2025-65855/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
CWECWE-494CWE-494 Download of Code Without Integrity Check
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-494
Description: CWE-494 Download of Code Without Integrity Check
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Dec, 2025 | 17:15
Updated At:06 Jan, 2026 | 15:09

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
netun
netun
>>helpflash_iot_firmware>>18_178_221102_ascii_pro_1r5_50
cpe:2.3:o:netun:helpflash_iot_firmware:18_178_221102_ascii_pro_1r5_50:*:*:*:*:*:*:*
netun
netun
>>helpflash_iot>>-
cpe:2.3:h:netun:helpflash_iot:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-494Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-798Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-319
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-494
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-798
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.espressif.com/projects/esp-idf/en/v4.3.2/cve@mitre.org
Product
https://luismirandaacebedo.github.io/CVE-2025-65855/cve@mitre.org
Third Party Advisory
Hyperlink: https://docs.espressif.com/projects/esp-idf/en/v4.3.2/
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://luismirandaacebedo.github.io/CVE-2025-65855/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2024-33895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.39% / 59.23%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-04 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.

Action-Not Available
Vendor-hms-networksn/a
Product-ewon_cosy\+_wifiewon_cosy\+_4g_jpewon_cosy\+_ethernetewon_cosy\+_4g_apacewon_cosy\+_4g_euewon_cosy\+_firmwareewon_cosy\+_4g_nan/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-18199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.04% / 13.75%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 13:48
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

Action-Not Available
Vendor-n/aFujitsu Limited
Product-lx390_firmwarelx390n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
Details not found