← back
CVE-2025-13477

OTP Bypass in Digital Operation Services' WifiBurada

CVSS 7.1 HIGHEPSS 0.2%CWE-359CWE-522
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 May 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
Digital Operations Services Inc. · WifiBurada

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0284