Satech Bcu Firmware
CVE-2025-2859
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.
AnalysisAI
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user. Affected products include: Arteche Satech Bcu Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Satech Bcu Firmware
View allPrivilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. Rated high severity (CVSS 8.5), this vulner
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials t
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. Rated medium severity (CVSS 6.9), this vulnerability is
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. Rated medium severity (CVSS 6.9), this vul
Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today