CVE-2025-2771 MEDIUM

CVE-2025-2771: BEC Technologies Multiple Routers Authentication Bypass Vulnerability

Vendor Bec Technologies
Product Multiple Routers
Weakness CWE-287 · Improper authentication
Published April 23, 2025
Last update April 23, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25894.

Key dates

02Disclosure timeline

April 23, 2025 CVE published
April 23, 2025 Record updated