Vulnerability Details CVE-2025-2772
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2025-2772
-
cpe:2.3:o:bectechnologies:router_firmware:-