TROYANOSYVIRUS
Volver a CVEs

CVE-2025-66256

CRITICAL
9.8

Descripcion

Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files. The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload malicious files.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/26/2025
Ultima modificacion12/3/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

dbbroadcast:mozart_dds_next_100dbbroadcast:mozart_dds_next_1000dbbroadcast:mozart_dds_next_1000_firmwaredbbroadcast:mozart_dds_next_100_firmwaredbbroadcast:mozart_dds_next_2000dbbroadcast:mozart_dds_next_2000_firmwaredbbroadcast:mozart_dds_next_30dbbroadcast:mozart_dds_next_300dbbroadcast:mozart_dds_next_3000dbbroadcast:mozart_dds_next_3000_firmwaredbbroadcast:mozart_dds_next_300_firmwaredbbroadcast:mozart_dds_next_30_firmwaredbbroadcast:mozart_dds_next_3500dbbroadcast:mozart_dds_next_3500_firmwaredbbroadcast:mozart_dds_next_50dbbroadcast:mozart_dds_next_500dbbroadcast:mozart_dds_next_500_firmwaredbbroadcast:mozart_dds_next_50_firmwaredbbroadcast:mozart_dds_next_6000dbbroadcast:mozart_dds_next_6000_firmwaredbbroadcast:mozart_dds_next_7000dbbroadcast:mozart_dds_next_7000_firmwaredbbroadcast:mozart_next_100dbbroadcast:mozart_next_1000dbbroadcast:mozart_next_1000_firmwaredbbroadcast:mozart_next_100_firmwaredbbroadcast:mozart_next_2000dbbroadcast:mozart_next_2000_firmwaredbbroadcast:mozart_next_30dbbroadcast:mozart_next_300dbbroadcast:mozart_next_3000dbbroadcast:mozart_next_3000_firmwaredbbroadcast:mozart_next_300_firmwaredbbroadcast:mozart_next_30_firmwaredbbroadcast:mozart_next_3500dbbroadcast:mozart_next_3500_firmwaredbbroadcast:mozart_next_50dbbroadcast:mozart_next_500dbbroadcast:mozart_next_500_firmwaredbbroadcast:mozart_next_50_firmwaredbbroadcast:mozart_next_6000dbbroadcast:mozart_next_6000_firmwaredbbroadcast:mozart_next_7000dbbroadcast:mozart_next_7000_firmware

Debilidades (CWE)

CWE-434

Referencias

https://www.abdulmhsblog.com/posts/webfmvulns/(b7efe717-a805-47cf-8e9a-921fca0ce0ce)
https://www.abdulmhsblog.com/posts/webfmvulns/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.