Axel Technology WOLF1MS/WOLF2MS Unauthenticated Access Vulnerability (CVE-2025-63218)

Critical Vulnerability Information Vulnerability Details CVE ID: CVE-2025-63218 Affected Vendor: Axel Technology Affected Products and Versions: - WOLF1MS: Firmware Version 0.8.5 to 1.0.3 - WOLF2MS: Firmware Version 0.8.5 to 1.0.3 Vulnerable Interface: Vulnerability Type Category: Broken Access Control Specific Issue: Improper Authorization Vulnerability Impact Severity: High Possible Attack Actions: - Enumerate existing user accounts - Add new administrator users - Delete existing users - Full control over the device Affected Components Access Control: Direct access to sensitive management interface without authentication User Management: Ability to add, modify, or delete user accounts without authentication Privilege Escalation: Attackers can gain administrative control over the device Attack Vector Access Method: Remote, via HTTP Authentication Required: None (unauthenticated) Exploitation Complexity: Low, requires simple HTTP requests Proof of Concept (PoC) Includes examples of enumerating existing users, adding a new administrator user, verifying the existence of the new user, and deleting existing users, along with a Python script to automate the attack process. Vulnerability Type Information Type: Broken Access Control CWE ID: CWE-284 (Improper Access Control) Type: Improper Authorization CWE ID: CWE-285 (Improper Authorization) Recommended Remediation Includes implementing mandatory authentication, strengthening access controls, ensuring proper session management, and input validation. Mitigation and Temporary Workarounds Before a patch is released, administrators should restrict access to the interface, monitor network traffic, enforce VPN usage, or disable public access as preventive measures.

Goal Reached Thanks to every supporter — we hit 100%!

Axel Technology WOLF1MS/WOLF2MS Unauthenticated Access Vulnerability (CVE-2025-63218)

More from this source