CVE-2025-5485

User names used to access the web management interface are limited to 
the device identifier, which is a numerical identifier no more than 10 
digits. A malicious actor can enumerate potential targets by 
incrementing or decrementing from known identifiers or through 
enumerating random digit sequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
icscertCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01
https://www.sinotrackgps.com/help-center