Client-side Authentication Flaw in CHOCO TEI WATCHER Mini by Inaba
CVE-2025-24517

7.5HIGH

Key Information:

Vendor

Inaba Denki Sangyo Co., Ltd.

Status
Choco Tei Watcher Mini (ib-mct001)
Vendor
CVE Published:
31 March 2025

What is CVE-2025-24517?

A vulnerability exists in all versions of the CHOCO TEI WATCHER mini (IB-MCT001) due to insufficient client-side authentication mechanisms. If exploited, a remote attacker could gain unauthorized access to sensitive login credentials, including the product's login password, without needing prior authentication. This flaw poses a significant security risk, potentially allowing malicious actors to compromise accounts and systems associated with the device.

Affected Version(s)

CHOCO TEI WATCHER mini (IB-MCT001) all versions

References

https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
https://jvn.jp/en/vu/JVNVU91154745/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-0...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.