FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.
References
| Link | Resource |
|---|---|
| http://fs.com | Product |
| http://s3150-8t2f.com | Broken Link |
| https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
15 Jan 2026, 20:08
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fs s3150-8t2f Firmware
Fs Fs s3150-8t2f |
|
| CPE | cpe:2.3:o:fs:s3150-8t2f_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:fs:s3150-8t2f:-:*:*:*:*:*:*:* |
|
| References | () http://fs.com - Product | |
| References | () http://s3150-8t2f.com - Broken Link | |
| References | () https://github.com/SwiftSecur/S3150-8T2F-FS.com-Research/wiki - Exploit, Third Party Advisory |
21 Nov 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | CWE-312 |
20 Nov 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| CWE | CWE-539 |
20 Nov 2025, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-20 21:16
Updated : 2026-01-15 20:08
NVD link : CVE-2025-25613
Mitre link : CVE-2025-25613
CVE.ORG link : CVE-2025-25613
JSON object : View
Products Affected
fs
- s3150-8t2f
- s3150-8t2f_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information