CVE-2025-7357
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-17
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| liteon | ic80a | * |
| liteon | ic48a | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves LITEON IC48A and IC80A firmware versions storing FTP server access credentials in cleartext within their system logs. This means sensitive login information is not encrypted or protected, making it accessible to anyone who can view the logs.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to FTP servers because attackers or unauthorized users who access the system logs can obtain the FTP credentials in cleartext. This can result in data breaches, unauthorized data modification, or further compromise of the affected systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Storing access credentials in cleartext in system logs can violate security requirements of standards like GDPR and HIPAA, which mandate protection of sensitive information. This vulnerability could lead to non-compliance due to inadequate protection of access credentials, increasing the risk of data breaches and associated regulatory penalties.