CVE-2025-13477
Authentication Bypass in WifiBurada via Credential Exposure
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digital_operations_services_inc | wifiburada | to 21052026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the exposure of private personal information to unauthorized actors and an authentication bypass due to insufficiently protected credentials in WifiBurada. Such exposure of personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.
Specifically, GDPR mandates strict controls on personal data confidentiality and integrity, and breaches can result in significant penalties. Similarly, HIPAA requires protection of personal health information, and unauthorized exposure could violate its security rules.
Can you explain this vulnerability to me?
This vulnerability in Digital Operations Services Inc. WifiBurada allows an unauthorized actor to bypass authentication due to insufficiently protected credentials. As a result, private personal information can be exposed to unauthorized individuals.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of private personal information to unauthorized actors. This means sensitive data could be accessed without permission, potentially leading to privacy breaches and misuse of personal information.