CVE-2025-41692
high-risk
Published 2025-12-09
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Fl Switch 2708 Pn Firmware
Fl Switch 2708 Firmware
Fl Switch 2608 Pn Firmware
Fl Switch 2608 Firmware
Fl Switch 2516 Pn Firmware
Fl Switch 2208C Firmware
Fl Switch 2208 Pn Firmware
Fl Switch 2208 Firmware
Fl Switch 2207-Fx Sm Firmware
Fl Switch 2207-Fx Firmware
Fl Switch 2206C-2Fx Firmware
Fl Switch 2206-2Sfx Pn Firmware
Fl Switch 2206-2Sfx Firmware
Fl Switch 2206-2Fx St Firmware
Fl Switch 2206-2Fx Sm St Firmware
Fl Switch 2206-2Fx Sm Firmware
Fl Switch 2206-2Fx Firmware
Fl Switch 2205 Firmware
Fl Switch 2204-2Tc-2Sfx Firmware
Fl Switch 2116 Firmware
Affected Vendors
References (1)
Third Party Advisory
https://certvde.com/de/advisories/VDE-2025-071
53
/ 100
high-risk
Severity
25/34 · High
Exploitability
0/34 · Minimal
Exposure
28/34 · Critical