CVE-2025-28242
Published 2025-04-18

CVE-2025-28242: Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.
Priority: P2 58
Severity: critical (CVSS 3.1 base score 9.8)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 1.68% (74.1th percentile)
Detection & IOCs (extracted from sources)

Sigma: title:"DAEnetIP4"

- Send a GET request to /login_ok.htm and check for an HTTP 200 response containing both the 'DAEnetIP4' and 'session=' strings in the body to identify vulnerable instances.
- Extract numeric session tokens from the response body using the regex pattern 'session=([0-9]+)'; a purely numeric session token indicates weak/improper session management exploitable for hijacking.
- Use the FOFA query title="DAEnetIP4" or the Shodan query title:"DAEnetIP4" to enumerate internet-exposed DAEnetIP4 METO devices for mass scanning.
- Exploitation requires the attacker to be able to control or intercept session tokens; a passive network position (e.g., MitM) or access to the response from /login_ok.htm is a prerequisite.
- The vulnerability is specific to DAEnetIP4 METO firmware version v1.25; other versions are not confirmed affected.
No detection rules found.
Nuclei

CVE-2025-28242 [CRITICAL] DAEnetIP4 METO v1.25 - Session Hijacking (nuclei · CVSS 9.8)

DAEnetIP4 METO v1.25 contains improper session management in the /login_ok.htm endpoint, letting attackers hijack sessions; exploitation requires the attacker to control or intercept session tokens.
Template:

```yaml
id: CVE-2025-28242

info:
  name: DAEnetIP4 METO v1.25 - Session Hijacking
  author: 0x_Akoko
  severity: high
  description: |
    DAEnetIP4 METO v1.25 contains improper session management in the /login_ok.htm endpoint, letting attackers hijack sessions, exploit requires attacker to control or intercept session tokens.
  impact: |
    Attackers can hijack user sessions, gaining unauthorized access to user accounts and sensitive information.
  remediation: |
    Implement proper session management and secure session tokens, and update to the latest version if available.
```
ref
No writeups or analysis indexed.
Published: 2025-04-18