NVD Vulnerability Details :
CVE-2025-65855
Analyzed
Source: cve@mitre.org
Published At: 17 Dec, 2025 | 17:15
Updated At: 06 Jan, 2026 | 15:09

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

netun >> helpflash_iot_firmware >> 18_178_221102_ascii_pro_1r5_50
cpe:2.3:o:netun:helpflash_iot_firmware:18_178_221102_ascii_pro_1r5_50:*:*:*:*:*:*:*
netun >> helpflash_iot >> -
cpe:2.3:h:netun:helpflash_iot:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-319
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-494
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-798
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://docs.espressif.com/projects/esp-idf/en/v4.3.2/
Source: cve@mitre.org
Resource: Product
Hyperlink: https://luismirandaacebedo.github.io/CVE-2025-65855/
Source: cve@mitre.org
Resource: Third Party Advisory
Change History
0 changes found

Details not found