Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among other features. The application has been developed in PHP with the webEASY SDK, also named ‘ewb’ by Evertz. This web interface has two endpoints that are vulnerable to arbitrary command injection (CVE-2025-4009, CVE-2025-10364) and the authentication mechanism has a flaw leading to authentication bypass (CVE-2025-10365). Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices. This level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others.

N/A

认证机制不恰当

Evertz SDVN 3080ipx-10G 安全漏洞

Evertz SDVN 3080ipx-10G是Evertz公司的一款用于视频应用的高带宽以太网交换结构。 Evertz SDVN 3080ipx-10G存在安全漏洞，该漏洞源于web管理接口存在任意命令注入和身份验证绕过问题，可能导致远程未经验证的攻击者以root权限执行任意命令。

N/A

N/A