Skip to main content

Hitron HI3120 CVE-2025-66963

MEDIUM
Information Exposure (CWE-200)
2025-12-15 cve@mitre.org
5.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.5 MEDIUM

Local attack vector and low privilege required to access LAN management interface post-logout; no integrity or availability impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:21 vuln.today

DescriptionCVE.org

An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html

AnalysisAI

Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.

Technical ContextAI

The Hitron HI3120 is a residential or SMB gateway device running firmware version 7.2.4.5.2b1, identified by CPE cpe:2.3:o:hitrontech:hi3120_firmware:7.2.4.5.2b1:*:*:*:*:*:*:*. The device exposes a web-based management interface served via index.html. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) is the listed root cause class, but the 'Insufficient Session Expiration' tag points more specifically toward CWE-613 behavior: when a user invokes the Logout function, the server or client-side session state is not properly terminated or purged, leaving tokens, credentials, or configuration data accessible in browser storage, page cache, or device memory. A local attacker - one with physical access or existing unprivileged presence on the device's LAN - can subsequently retrieve this residual sensitive data.

RemediationAI

No vendor-released patch has been identified at time of analysis - no Hitrontech advisory or fixed firmware version is referenced in the available data. As a compensating control, administrators should restrict access to the HI3120 web management interface to trusted hosts only, using any available ACL or firewall rules to prevent unauthorized LAN clients from reaching the management port. Users should manually clear browser cache and session storage after each management session rather than relying solely on the Logout function. Where possible, disabling remote or LAN-wide web management access and restricting it to a single administrative workstation reduces the window of exposure. Affected users should monitor https://github.com/kakarotossj3/CVEs/blob/main/Hitron/Insufficient%20Session%20Expiration/Details and the Hitrontech support portal for firmware updates addressing this issue.

Share

CVE-2025-66963 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy