CVE-2025-24517
In short
The CHOCO TEI WATCHER mini device relies on client-side authentication, allowing a remote attacker to obtain the login password without needing to authenticate first. This is a serious flaw because attackers can access the device without proper credentials.
Technical detail
A CWE-603 (Use of Client-Side Authentication) vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) allows unauthenticated remote attackers to extract the login password through client-side validation bypass. The attack vector is network-based and requires no authentication; the impact includes unauthorized administrative access to the device.
Summary generated and translated by AI from the official description.
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Inaba Denki Sangyo Co., Ltd. · CHOCO TEI WATCHER mini (IB-MCT001)
References
https://jvn.jp/en/vu/JVNVU91154745/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording