Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for EG500Mk2-A21101-000101 by Welotec
CVE-2025-41702 (GCVE-0-2025-41702)
Vulnerability from nvd – Published: 2025-08-26 06:10 – Updated: 2025-08-26 19:39
VLAI?
Title
egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
Summary
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
Severity ?
9.8 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Welotec | EG400Mk2-D11001-000101 |
Affected:
0.0.0 , < v1.7.7
(semver)
Affected: v1.8.0 , < v1.8.2 (semver) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:37:50.695357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T19:39:00.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L-G",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A12011-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000201",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A21101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603W Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603L Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_w/o DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W Pro",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.\u003cbr\u003e"
}
],
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T06:10:57.464Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-076"
}
],
"source": {
"advisory": "VDE-2025-076",
"defect": [
"CERT@VDE#641843"
],
"discovery": "UNKNOWN"
},
"title": "egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41702",
"datePublished": "2025-08-26T06:10:57.464Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-08-26T19:39:00.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41702 (GCVE-0-2025-41702)
Vulnerability from cvelistv5 – Published: 2025-08-26 06:10 – Updated: 2025-08-26 19:39
VLAI?
Title
egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass
Summary
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
Severity ?
9.8 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Welotec | EG400Mk2-D11001-000101 |
Affected:
0.0.0 , < v1.7.7
(semver)
Affected: v1.8.0 , < v1.8.2 (semver) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:37:50.695357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T19:39:00.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG400Mk2-D11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503W_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L_4GB",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG503L-G",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "v1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-B11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-C11001-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A12011-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A11001-000201",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG500Mk2-A21101-000101",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG602L",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603W Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG603L Mk2",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG802W_i7_512GB_w/o DinRail",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EG804W Pro",
"vendor": "Welotec",
"versions": [
{
"lessThan": "\u003cv1.7.7",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "v1.8.2",
"status": "affected",
"version": "v1.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.\u003cbr\u003e"
}
],
"value": "The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T06:10:57.464Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/de/advisories/VDE-2025-076"
}
],
"source": {
"advisory": "VDE-2025-076",
"defect": [
"CERT@VDE#641843"
],
"discovery": "UNKNOWN"
},
"title": "egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41702",
"datePublished": "2025-08-26T06:10:57.464Z",
"dateReserved": "2025-04-16T11:17:48.310Z",
"dateUpdated": "2025-08-26T19:39:00.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}