Configuration Management Vulnerability in Radiflow iSAP Smart Collector
CVE-2025-3498
9.9CRITICAL
What is CVE-2025-3498?
The Radiflow iSAP Smart Collector is vulnerable to unauthorized access due to multiple unauthenticated REST APIs exposed on the management network. These APIs, accessible over TCP ports 8084 and 8086, allow an attacker with network access to retrieve and alter the device’s configuration settings. This exposure enables malicious users to execute various commands, including system reboots, undermining the security of the system and potentially leading to further exploitation.
Affected Version(s)
iSAP Smart Collector Linux 1.20 < 3.02-1