Improper Authorization in China Mobile Telnet Service Affects Multiple Products
CVE-2025-2397

4.8MEDIUM

Key Information:

Vendor

China Mobile

Status
P22g-ciac
Zxwt-mig-p4g4v
Zxwt-mig-p8g8v
Gt3200-4g4p
Vendor
CVE Published:
17 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2397?

An improper authorization vulnerability has been identified in the Telnet Service associated with several China Mobile products. This issue affects code within the service that fails to properly authenticate requests, allowing unauthorized users to execute commands. The vulnerability can only be exploited by an attacker within the same local network, posing significant risks to network security. Although the vendor was notified about this vulnerability, no response has been received, leaving users potentially exposed to attacks. Users are advised to be vigilant and consider implementing additional security measures.

Affected Version(s)

GT3200-4G4P 20250305

GT3200-8G8P 20250305

P22g-CIac 20250305

References

https://vuldb.com/?id.299896
vdb-entry
https://vuldb.com/?ctiid.299896
signaturepermissions-required
https://vuldb.com/?submit.514957
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

FizzL (VulDB User)
.