Missing Authentication in Lucky Technology's LM-520 Series
CVE-2025-5876
What is CVE-2025-5876?
A significant vulnerability has been identified in Lucky Technology's LM-520 series, impacting the LM-520-SC, LM-520-FSC, and LM-520-FSC-SAM models up to version 20250321. This flaw arises from a missing authentication mechanism, which could allow an attacker to exploit the device remotely, gaining unauthorized access to critical functionalities. Despite early notifications to the vendor regarding this disclosure, no response has been received. As the details of the exploit have been made public, immediate action is advised for users of the affected products to assess their exposure and mitigate potential risks.
Affected Version(s)
LM-520-FSC 20250321
LM-520-FSC-SAM 20250321
LM-520-SC 20250321
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved