CVE-2025-3927

CRITICAL

9.8

Description

Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie5/2/2025

Derniere modification6/17/2025

Sourcenvd

Observations honeypot0

Produits affectes

digigram:pyko-out

Faiblesses (CWE)

CWE-862

References

https://www.digigram.com/download/pyko-out-user-manual-en-jan-2019/(cret@cert.org)

https://www.kb.cert.org/vuls/id/360686(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.