CVE-2025-48461

EUVD-2025-18991
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CSACNA
5 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
advantechwise-4060lan_firmware
-
advantechwise-4050lan_firmware
-
advantechwise-4010lan_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/