CVE-2025-2772 – BEC Technologies Router Credentials Disclosure Vulnerability

April 23, 2025

CVE ID : CVE-2025-2772

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2773 – BEC Technologies Multiple Routers TCP Port 22 Command Injection Remote Code Execution Vulnerability

Next Article CVE-2025-2770 – BEC Technologies Router Cleartext Password Disclosure

Highlights

CVE-2025-42996 – SAP MDM Server Session Hijacking Vulnerability

June 9, 2025

CVE ID : CVE-2025-42996

Published : June 10, 2025, 1:15 a.m. | 23 minutes ago

Description : SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

Development Release: KDE Linux 20250906

CVE-2025-2772 – BEC Technologies Router Credentials Disclosure Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Critical vulnerability in SAP NetWeaver enables malicious file uploads

CVE-2025-50850 – CS Cart Brute Force Vendor Login

Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found

Multi-Dimensional Vector Support in CocoIndex

CVE-2025-42996 – SAP MDM Server Session Hijacking Vulnerability

Meta launches new Quest 3S Xbox Edition bundle – and it comes with a lot of goodies

CVE-2025-49186 – Apache HTTP Server Authentication Bypass

I used Motorola’s $1,300 Razr Ultra, and it left me with no Samsung Galaxy Z Flip envy

CVE-2025-2772 – BEC Technologies Router Credentials Disclosure Vulnerability

Related Posts