Satech Bcu Firmware
CVE-2025-2861
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.
AnalysisAI
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-319. SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately. Affected products include: Arteche Satech Bcu Firmware. Version information: version 2.1.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Satech Bcu Firmware
View allPrivilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. Rated high severity (CVSS 8.5), this vulner
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the activ
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials t
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. Rated medium severity (CVSS 6.9), this vul
Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today