Skip to main content
CVE-2025-44653 HIGH This Week

Availability disruption in the H3C GR2200 router (firmware MiniGR1A0V100R016) arises because its bundled bftpd FTP daemon ships with USERLIMIT_GLOBAL set to 0 in /etc/bftpd.conf, imposing no ceiling on concurrent FTP sessions. Remote attackers can open large numbers of simultaneous connections to exhaust device sockets, memory, and CPU, degrading or crashing the FTP service and potentially the router itself. A public technical writeup exists and EPSS is modest (0.52%, 40th percentile); there is no public exploit identified beyond that writeup and no evidence of active exploitation (not listed in CISA KEV).

Denial Of Service Gr2200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-44651 HIGH This Week

Uncontrolled resource consumption in the TRENDnet TPL-430AP powerline access point (firmware FW1.0) stems from its bundled bftpd FTP daemon shipping with USERLIMIT_GLOBAL=0, which imposes no cap on concurrent connections. A remote attacker can open unlimited simultaneous FTP sessions to exhaust device memory and connection resources, rendering the access point unresponsive (availability-only impact, no data compromise). No public exploit code has been confirmed, though a researcher gist and writeup describing the issue exist; EPSS risk is modest at 0.52% and the CVE is not listed in CISA KEV.

Denial Of Service Tpl 430Ap Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-44649 HIGH This Week

Cleartext identity exposure in the TRENDnet TEW-WLC100P wireless controller (firmware 2.03b03) stems from its bundled racoon IKE daemon shipping with aggressive mode as the first exchange_mode entry. Because IKE Phase 1 aggressive mode transmits identity payloads in plaintext and sends a hash of the pre-shared key that can be captured, any party observing or initiating a negotiation can harvest identities and mount offline dictionary attacks against the PSK. No public exploit identified at time of analysis and the EPSS probability is low (0.27%, 19th percentile), consistent with a configuration-hardening weakness rather than a mass-exploited flaw.

Information Disclosure Tew Wlc100P Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-4130 HIGH This Week

Sensitive constant disclosure in PAVO Inc.'s PAVO Pay (versions before 13.05.2025) allows remote attackers to extract hard-coded credentials embedded in the application binary, undermining authentication controls for the payment platform. The CVSS 7.5 score reflects high confidentiality impact with no required privileges or user interaction, though EPSS at 0.27% suggests limited mass exploitation interest and no public exploit identified at time of analysis. The disclosure originated from Turkey's national CERT (USOM), indicating a coordinated vendor advisory.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-4129 HIGH This Week

Authorization bypass in PAVO Inc. PAVO Pay (versions before 13.05.2025) allows remote unauthenticated attackers to access sensitive data by manipulating user-controlled identifiers (IDOR pattern). The flaw, mapped to CWE-639, enables exploitation of trusted identifiers without authentication and has no public exploit identified at time of analysis, with EPSS rating exploitation likelihood at 0.27%.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-1469 HIGH This Week

Information disclosure in Turtek Software's Eyotek product (versions before 11.03.2025) allows remote unauthenticated attackers to access other users' data by manipulating user-controlled identifiers (IDOR-class flaw). The CVSS 7.5 score reflects high confidentiality impact with no integrity or availability impact, and no public exploit identified at time of analysis. The flaw was reported by Turkey's national CERT (USOM) and tracked under advisory TR-25-0163.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-44647 HIGH This Week

Pre-Shared Key hash disclosure affects the TRENDnet TEW-WLC100P wireless LAN controller running firmware 2.03b03, whose bundled strongSwan configuration ships with the i_dont_care_about_security_and_use_aggressive_mode_psk option enabled by default. Because the IKE responder accepts IKEv1 Aggressive Mode with PSK, it transmits the PSK hash in the clear during negotiation, letting a network-positioned attacker capture it and mount an offline dictionary/brute-force crack to recover the VPN pre-shared secret. There is no public exploit identified at time of analysis, no CISA KEV listing, and EPSS is low (0.36%), reflecting an information-disclosure weakness rather than direct remote code execution.

Information Disclosure Tew Wlc100P Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-4040 HIGH This Week

Privilege escalation in Turpak Automatic Station Monitoring System versions prior to 5.0.6.51 allows authenticated remote attackers to bypass authorization controls by manipulating user-controlled keys (IDOR-style flaw). Authenticated low-privilege users can access or modify resources belonging to other accounts, including potentially higher-privileged ones. EPSS scores exploitation likelihood at 0.19% (41st percentile) and no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy