Hitron HI3120 CVE-2025-66963
MEDIUMSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Local attack vector and low privilege required to access LAN management interface post-logout; no integrity or availability impact applies.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html
AnalysisAI
Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.
Technical ContextAI
The Hitron HI3120 is a residential or SMB gateway device running firmware version 7.2.4.5.2b1, identified by CPE cpe:2.3:o:hitrontech:hi3120_firmware:7.2.4.5.2b1:*:*:*:*:*:*:*. The device exposes a web-based management interface served via index.html. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) is the listed root cause class, but the 'Insufficient Session Expiration' tag points more specifically toward CWE-613 behavior: when a user invokes the Logout function, the server or client-side session state is not properly terminated or purged, leaving tokens, credentials, or configuration data accessible in browser storage, page cache, or device memory. A local attacker - one with physical access or existing unprivileged presence on the device's LAN - can subsequently retrieve this residual sensitive data.
RemediationAI
No vendor-released patch has been identified at time of analysis - no Hitrontech advisory or fixed firmware version is referenced in the available data. As a compensating control, administrators should restrict access to the HI3120 web management interface to trusted hosts only, using any available ACL or firewall rules to prevent unauthorized LAN clients from reaching the management port. Users should manually clear browser cache and session storage after each management session rather than relying solely on the Logout function. Where possible, disabling remote or LAN-wide web management access and restricting it to a single administrative workstation reduces the window of exposure. Affected users should monitor https://github.com/kakarotossj3/CVEs/blob/main/Hitron/Insufficient%20Session%20Expiration/Details and the Hitrontech support portal for firmware updates addressing this issue.
More in Hi3120 Firmware
View allSame weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today