Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5485

User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequences.

Published

2025-06-12T20:15:22.283

Last Modified

2025-06-16T12:32:18.840

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-204

Affected Vendors & Products

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01 ([email protected])
https://www.sinotrackgps.com/help-center ([email protected])