cbcvebase.
CVE-2025-0674
published 2025-02-07

CVE-2025-0674: Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality…

PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.80%
88.7th percentile
Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.

Affected

5 ranges
VendorProductVersion rangeFixed in
elbercleber_3_broadcast_multi-purpose_platform
elberese_dvb-s_s2_satellite_receiver<= 1.5.179
elberreble610_m_odu_xpic_ip-asi-sdh
elbersignum_dvb-s_s2_ird<= 1.999
elberwayber_analog_digital_audio_stl

Detection & IOCsextracted from sources · hover to see the quote

url/modules/pwd.html
url/json_data/set_pwd?lev=2&pass=admin1234
commandGET /json_data/set_pwd?lev=2&pass=admin1234
  • Probe for the password management page at /modules/pwd.html; a response containing 'Manage system Password' confirms a vulnerable Elber device is present.
  • Exploitation attempt is a single unauthenticated GET to /json_data/set_pwd with query parameters lev and pass; a response body containing 'Apply successfully' confirms successful password overwrite.
  • Use FOFA query 'title="Elber Satellite Equipment" || body="www.elber.it"' to identify internet-exposed Elber devices for targeted scanning.
  • Response keyword 'Apply successfully' in the body of a reply to /json_data/set_pwd indicates the unauthenticated password reset succeeded.
  • Affected products include Signum DVB-S/S2 IRD (≤1.999), Cleber/3 v1.0, Reble610 v0.01, ESE DVB-S/S2 (≤1.5.179), and Wayber v4; fingerprint these version strings during asset discovery.
  • ·Elber has confirmed it does not plan to patch these vulnerabilities because the affected equipment is end-of-life or near end-of-life; no vendor fix is forthcoming.
  • ·Public exploits are already available for this vulnerability, raising the urgency of network-level controls.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.