TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-66255

CRITICAL
9.8

Descricao

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.  The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/26/2025
Ultima modificacao12/3/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

dbbroadcast:mozart_dds_next_100dbbroadcast:mozart_dds_next_1000dbbroadcast:mozart_dds_next_1000_firmwaredbbroadcast:mozart_dds_next_100_firmwaredbbroadcast:mozart_dds_next_2000dbbroadcast:mozart_dds_next_2000_firmwaredbbroadcast:mozart_dds_next_30dbbroadcast:mozart_dds_next_300dbbroadcast:mozart_dds_next_3000dbbroadcast:mozart_dds_next_3000_firmwaredbbroadcast:mozart_dds_next_300_firmwaredbbroadcast:mozart_dds_next_30_firmwaredbbroadcast:mozart_dds_next_3500dbbroadcast:mozart_dds_next_3500_firmwaredbbroadcast:mozart_dds_next_50dbbroadcast:mozart_dds_next_500dbbroadcast:mozart_dds_next_500_firmwaredbbroadcast:mozart_dds_next_50_firmwaredbbroadcast:mozart_dds_next_6000dbbroadcast:mozart_dds_next_6000_firmwaredbbroadcast:mozart_dds_next_7000dbbroadcast:mozart_dds_next_7000_firmwaredbbroadcast:mozart_next_100dbbroadcast:mozart_next_1000dbbroadcast:mozart_next_1000_firmwaredbbroadcast:mozart_next_100_firmwaredbbroadcast:mozart_next_2000dbbroadcast:mozart_next_2000_firmwaredbbroadcast:mozart_next_30dbbroadcast:mozart_next_300dbbroadcast:mozart_next_3000dbbroadcast:mozart_next_3000_firmwaredbbroadcast:mozart_next_300_firmwaredbbroadcast:mozart_next_30_firmwaredbbroadcast:mozart_next_3500dbbroadcast:mozart_next_3500_firmwaredbbroadcast:mozart_next_50dbbroadcast:mozart_next_500dbbroadcast:mozart_next_500_firmwaredbbroadcast:mozart_next_50_firmwaredbbroadcast:mozart_next_6000dbbroadcast:mozart_next_6000_firmwaredbbroadcast:mozart_next_7000dbbroadcast:mozart_next_7000_firmware

Fraquezas (CWE)

CWE-345CWE-434

Referencias

https://www.abdulmhsblog.com/posts/webfmvulns/(b7efe717-a805-47cf-8e9a-921fca0ce0ce)
https://www.abdulmhsblog.com/posts/webfmvulns/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.