CVE-2025-63224
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| itel | dab_encoder | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Itel DAB Encoder has a vulnerability where the system improperly validates JWT tokens. This means an attacker who obtains a valid JWT token from one device can reuse it to authenticate and gain administrative access to any other device running the same firmware, regardless of different passwords or networks.
How can this vulnerability impact me? :
This vulnerability allows attackers to fully compromise affected devices by gaining administrative access without proper authentication, potentially leading to unauthorized control and manipulation of the devices.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70