CVE-2025-9994
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-11-03
Assigner: CERT/CC
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amped_rf | bt-ap_111 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The HTTP admin interface of the Amp'ed RF BT-AP 111 Bluetooth access point has no authentication feature, so anyone with network access to the device can open the admin interface without credentials.
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to access and potentially control the Bluetooth access point's administrative functions, which could lead to unauthorized configuration changes, network disruption, or exposure of sensitive device settings.
What immediate steps should I take to mitigate this vulnerability?
Since the Amp'ed RF BT-AP 111 Bluetooth access point's HTTP admin interface lacks authentication, immediate mitigation steps include restricting network access to the device's management interface by implementing network segmentation or firewall rules, disabling the HTTP admin interface if possible, or placing the device in a secure network zone accessible only to trusted administrators.