CVE-2025-63206

{"id": "CVE-2025-63206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-11-19T18:15:48.647", "references": [{"url": "http://dasansmc.com/", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser."}], "lastModified": "2025-12-31T14:09:23.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dasannetworks:ds2924_firmware:1.01.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AC6B51-3934-430A-A9D5-95D9BD9874F0"}, {"criteria": "cpe:2.3:o:dasannetworks:ds2924_firmware:1.02.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A246406-213F-420A-BB54-82E51FF2B8B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dasannetworks:ds2924:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2335BCDB-543B-4022-9143-40F80F7F4F68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}