CVE-2025-36754

Vulnerability Description

The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or authentication in place. This would allow an attacker for instance to point the device to an arbitrary address for domain name resolution to e.g. facililitate a man-in-the-middle (MitM) attack.

Related Weaknesses (CWE)

CWE-290

References

https://csirt.divd.nl/CVE-2025-36754/

FAQ

What is CVE-2025-36754?

CVE-2025-36754 is a documented vulnerability. The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token o...

How severe is CVE-2025-36754?

CVSS scoring is not yet available for CVE-2025-36754. Check NVD for updates.

Is there a patch for CVE-2025-36754?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.