
    2 vulnerabilities found for revpi_status by kunbus

    CVE-2025-41646 (GCVE-0-2025-41646)

    Vulnerability from nvd – Published: 2025-06-06 14:42 – Updated: 2025-06-06 15:06
    Title
    RevPi Webstatus application is vulnerable to an authentication bypass
    Summary
    An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-704 - Incorrect Type Conversion or Cast
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Kunbus | Revolution Pi webstatus | Affected: from 0.0.0 through 2.4.5 inclusive (semver)
    Credits
    Ajay Anto

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T15:05:56.484231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-06T15:06:11.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Revolution Pi webstatus",
              "vendor": "Kunbus",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ajay Anto"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
                }
              ],
              "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-704",
                  "description": "CWE-704 Incorrect Type Conversion or Cast",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-06T14:42:31.249Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_csaf"
              ],
              "url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641782"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RevPi Webstatus application is vulnerable to an authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41646",
        "datePublished": "2025-06-06T14:42:31.249Z",
        "dateReserved": "2025-04-16T11:17:48.305Z",
        "dateUpdated": "2025-06-06T15:06:11.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41646 (GCVE-0-2025-41646)

    Vulnerability from cvelistv5 – Published: 2025-06-06 14:42 – Updated: 2025-06-06 15:06
    Title
    RevPi Webstatus application is vulnerable to an authentication bypass
    Summary
    An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-704 - Incorrect Type Conversion or Cast
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Kunbus | Revolution Pi webstatus | Affected: from 0.0.0 through 2.4.5 inclusive (semver)
    Credits
    Ajay Anto

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T15:05:56.484231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-06T15:06:11.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Revolution Pi webstatus",
              "vendor": "Kunbus",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Ajay Anto"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
                }
              ],
              "value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-704",
                  "description": "CWE-704 Incorrect Type Conversion or Cast",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-06T14:42:31.249Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_csaf"
              ],
              "url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#641782"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RevPi Webstatus application is vulnerable to an authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41646",
        "datePublished": "2025-06-06T14:42:31.249Z",
        "dateReserved": "2025-04-16T11:17:48.305Z",
        "dateUpdated": "2025-06-06T15:06:11.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }