CVE-2025-54810 HIGH

CVE-2025-54810: Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay

Vendor Cognex
Product In-Sight 2000 series
Weakness CWE-294
Published September 18, 2025
Last update September 19, 2025

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.

Key dates

02Disclosure timeline

September 18, 2025 CVE published
September 19, 2025 Record updated