ByteOS Network

CVE Vulnerability Details :

CVE-2025-48461

PUBLISHED

More Info Official Page

Assigner-CSA

Assigner Org ID-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

Published At-24 Jun, 2025 | 02:02

Updated At-25 Jun, 2025 | 13:23

▼CVE Numbering Authority (CNA)

Weak Session Cookie Entropy

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

Affected Products

Vendor

Advantech (Advantech Co., Ltd.)

Product

Advantech Wireless Sensing and Equipment (WISE)

Default Status

unknown

Versions

Affected

A2.01 B00

Metrics

Version	Base score	Base severity	Vector
3.1	5.0	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Solutions

This vulnerability can be mitigated by enabling the Security Mode, an existing configuration feature available in previous firmware versions. Security Mode restricts access to unsecured web interfaces and disables unnecessary services to reduce attack surfaces. Users and administrators of affected products are strongly advised to enable Security Mode immediately after configuration.

Credits

finder

Joel Chang Zhi Kai

References

Hyperlink	Resource
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-341	CWE-341 Predictable from Observable State

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References