Authentication Flaw in Airpointer 2.4.107-2 Affects Web Portal Security
CVE-2025-4633

6.5MEDIUM

Key Information:

Vendor: Jct
Status: Airpointer
Vendor: CVE Published:; 30 May 2025

What is CVE-2025-4633?

The Airpointer product version 2.4.107-2 contains a significant security vulnerability where default credentials are hardcoded into the web portal. This allows malicious actors to gain unauthorized access without authentication, potentially leading to data breaches and exploitation of the system. Users should take immediate action to secure their devices and change default passwords to prevent any unauthorized access.

Affected Version(s)

Airpointer 2.4.107-2

References

https://jct-aq.com/products/airpointer2d/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
May 13, 2025

Jct

What is CVE-2025-4633?

Affected Version(s)

References

CVSS V3.1

Timeline