Vulnerability Description
AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Related Weaknesses (CWE)
References
- https://github.com/AbhijithAJ/AutoConnect_IoT_Lib_vulnerability/blob/main/Report
- https://github.com/Hieromon/AutoConnect/issues/632
- https://github.com/AbhijithAJ/AutoConnect_IoT_Lib_vulnerability/blob/main/Report
FAQ
What is CVE-2025-50740?
CVE-2025-50740 is a vulnerability with a CVSS score of 6.1 (MEDIUM). AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network S...
How severe is CVE-2025-50740?
CVE-2025-50740 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-50740?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.