Vulnerability Description
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provis
- https://vuldb.com/?ctiid.290203
- https://vuldb.com/?id.290203
- https://vuldb.com/?submit.467085
FAQ
What is CVE-2025-0224?
CVE-2025-0224 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected ...
How severe is CVE-2025-0224?
CVE-2025-0224 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-0224?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.