Improper Authentication in Multilaser Sirius RE016 by Multilaser
CVE-2025-5437
6.9 MEDIUM
What is CVE-2025-5437?
A security vulnerability has been identified in the Multilaser Sirius RE016 MLT1.0, affecting the Password Change Handler in the file /cgi-bin/cstecgi.cgi. The flaw is an improper authentication issue that can enable unauthorized access to the system, and it can be exploited remotely. The vendor was notified but has not responded. Users and admins of the affected product are advised to take immediate action to mitigate the risks associated with this vulnerability.
Affected Version(s)
Sirius RE016 MLT1.0
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
DefaultCh40s (VulDB User)