CVE-2025-63206

{"id": "CVE-2025-63206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-11-19T18:15:48.647", "references": [{"url": "http://dasansmc.com/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser."}], "lastModified": "2025-12-31T14:09:23.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dasannetworks:ds2924_firmware:1.01.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AC6B51-3934-430A-A9D5-95D9BD9874F0"}, {"criteria": "cpe:2.3:o:dasannetworks:ds2924_firmware:1.02.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A246406-213F-420A-BB54-82E51FF2B8B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dasannetworks:ds2924:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2335BCDB-543B-4022-9143-40F80F7F4F68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}