Missing Authentication in Lucky Technology's LM-520 Series
CVE-2025-5876

6.9MEDIUM

Key Information:

Vendor

Lucky

Vendor
CVE Published:
9 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5876?

A significant vulnerability has been identified in Lucky Technology's LM-520 series, impacting the LM-520-SC, LM-520-FSC, and LM-520-FSC-SAM models up to version 20250321. This flaw arises from a missing authentication mechanism, which could allow an attacker to exploit the device remotely, gaining unauthorized access to critical functionalities. Despite early notifications to the vendor regarding this disclosure, no response has been received. As the details of the exploit have been made public, immediate action is advised for users of the affected products to assess their exposure and mitigate potential risks.

Affected Version(s)

LM-520-FSC 20250321

LM-520-FSC-SAM 20250321

LM-520-SC 20250321

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

zeke (VulDB User)
.