Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-45814

Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.

Published

2025-07-02T17:15:53.557

Last Modified

2025-10-10T19:45:37.673

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	novelsat	ns3000_firmware	7.2.8.124852	Yes
Operating System	novelsat	ns3000_firmware	8.1.1.125110	Yes
Hardware	novelsat	ns3000	-	No
Operating System	novelsat	ns2000_firmware	7.02.08	Yes
Hardware	novelsat	ns2000	-	No

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-45814 Exploit, Third Party Advisory ([email protected])
https://novelsat.com/ Product ([email protected])