Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

bridgetech

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2025-63205
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.47%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 00:00
Updated-03 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed.

Action-Not Available
Vendor-bridgetechn/a
Product-nomad_portablenomad_portable_firmwarevb220_firmwarevb440_firmwarevb120vb440vb220vb120_firmwarevb330vb330_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-63208
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.30%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 00:00
Updated-15 Jan, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint.

Action-Not Available
Vendor-bridgetechn/a
Product-vb288_firmwarevb288n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-63211
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 00:00
Updated-15 Jan, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint.

Action-Not Available
Vendor-bridgetechn/a
Product-vbc_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-63214
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.51%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 00:00
Updated-11 Dec, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts.

Action-Not Available
Vendor-bridgetechn/a
Product-vbc_servervb220vb120vb440vb330n/a
CWE ID-CWE-284
Improper Access Control