# CVE-2025-48461
Predictable session cookies that can be brute-forced to gain unauthorized access to the Advantech WISE-4060 web portal
# Summary
During examination of the Advantech WISE-4060 web portal, I found that the session cookie used to authenticate to the portal follows the pattern `60D01EXXXXX`: a fixed prefix followed by only five variable characters. Because the prefix is constant, an unauthenticated attacker only has to guess the five variable characters; they can enumerate every possible value and brute-force the portal until a cookie belonging to a live session is accepted.
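The following is an added example, not code from the original report or from Advantech, that models the search space the summary describes. It enumerates every cookie matching the `60D01E` prefix followed by five characters, computes the size and entropy of that space and how long an exhaustive run takes at a given request rate, drives the enumeration against a constructed stand-in for the portal's session check, and shows the hardened alternative (a CSPRNG-generated identifier). Assumptions: the five variable characters are uppercase hexadecimal (the report does not state the alphabet), and `MockPortal` is a constructed stand-in; the real device's endpoint, cookie name and response format are not modelled.

```python
import itertools
import math
import secrets

# Fixed prefix observed in the report. The alphabet of the five variable
# characters is an assumption (uppercase hex); the report does not state it.
PREFIX = "60D01E"
VARIABLE_WIDTH = 5
ALPHABET = "0123456789ABCDEF"


def keyspace_size(width=VARIABLE_WIDTH, alphabet=ALPHABET):
    """Number of distinct cookie values the pattern can produce."""
    return len(alphabet) ** width


def entropy_bits(width=VARIABLE_WIDTH, alphabet=ALPHABET):
    """Effective entropy of the variable part, in bits."""
    return width * math.log2(len(alphabet))


def candidate_cookies(prefix=PREFIX, width=VARIABLE_WIDTH, alphabet=ALPHABET):
    """Yield every cookie value matching prefix + width chars, in lexical order."""
    for tail in itertools.product(alphabet, repeat=width):
        yield prefix + "".join(tail)


def seconds_to_exhaust(requests_per_second, width=VARIABLE_WIDTH, alphabet=ALPHABET):
    """Worst-case time to try the whole keyspace at a given request rate."""
    return keyspace_size(width, alphabet) / requests_per_second


class MockPortal:
    """Constructed stand-in for the device's session check. It only knows which
    cookie values currently belong to logged-in sessions; the real endpoint,
    cookie name and response format are not modelled."""

    def __init__(self, live_sessions):
        self.live_sessions = set(live_sessions)
        self.requests_seen = 0

    def is_authenticated(self, cookie):
        self.requests_seen += 1
        return cookie in self.live_sessions


def brute_force(check, prefix=PREFIX, width=VARIABLE_WIDTH, alphabet=ALPHABET,
                max_attempts=None):
    """Try candidates in order until check(cookie) is true.

    Returns (cookie, attempts) on a hit, or (None, attempts) when the space
    or max_attempts is exhausted."""
    attempts = 0
    for cookie in candidate_cookies(prefix, width, alphabet):
        if max_attempts is not None and attempts >= max_attempts:
            break
        attempts += 1
        if check(cookie):
            return cookie, attempts
    return None, attempts


def hardened_session_id(nbytes=16):
    """What the portal should issue instead: 128 bits from the OS CSPRNG,
    which makes enumeration infeasible regardless of request rate."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print(f"keyspace: {keyspace_size():,} values, {entropy_bits():.0f} bits")
    print(f"exhaustive run at 100 req/s: {seconds_to_exhaust(100) / 3600:.1f} h")
    portal = MockPortal({"60D01E0000A"})  # constructed live session
    hit, n = brute_force(portal.is_authenticated)
    print(f"hit {hit} after {n} attempts")
    print(f"hardened id: {hardened_session_id()} ({8 * 16} bits)")
```

With the assumed hex alphabet the pattern yields 16^5 = 1,048,576 values (20 bits), which at a modest 100 requests per second is fully exhaustible in under three hours, and far faster on average when several sessions are live at once. The hardened generator returns 128 bits of CSPRNG output, so the same enumeration approach is no longer practical.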
This vulnerability was discovered during the SPIRICYBER-24 IoT/OT Hackathon organized by CSA (Cyber Security Agency of Singapore).
# Impact
An unauthenticated attacker who recovers a valid session cookie is treated by the portal as the logged-in admin user and can modify the settings or firmware of the Advantech WISE-4060.
# References
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/
https://www.cve.org/CVERecord?id=CVE-2025-48461
# Timeline
- 2024-08-10: Report submitted to SpiritCyber IoT Hackathon triage team
- 2024-08-20: Report accepted by triage team
- 2025-06-17: CSA SingCERT assigns CVE-2025-48461
- 2025-06-24: Public disclosure