CVE-2025-41696: An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access…

medium4.6CVSS 3.1

AVPACLPRNUINSUCHINAN

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

Affected

69 ranges· showing 25

Vendor	Product	Version range	Fixed in
phoenixcontact	fl_nat_2008_firmware	< 3.50	3.50
phoenixcontact	fl_nat_2208_firmware	< 3.50	3.50
phoenixcontact	fl_nat_2304-2gc-2sfp_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2005_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2008_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2008f_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2016_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2105_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2108_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2116_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2204-2tc-2sfx_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2205_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2fx_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2fx_sm_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2fx_sm_st_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2fx_st_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2sfx_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206-2sfx_pn_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2206c-2fx_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2207-fx_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2207-fx_sm_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2208_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2208_pn_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2208c_firmware	< 3.50	3.50
phoenixcontact	fl_switch_2212-2tc-2sfx_firmware	< 3.50	3.50