CVE-2025-25211
CVE-2025-25211
In short
The CHOCO TEI WATCHER mini device accepts weak passwords, making it easy for attackers to guess credentials and gain unauthorized access to the system.
Technical detail
CWE-521 weak password policy in CHOCO TEI WATCHER mini (IB-MCT001) allows brute-force attacks against authentication mechanisms. Unauthenticated attackers can systematically attempt low-complexity passwords to obtain login access. Successful exploitation grants unauthorized control of the device.
Summary generated and translated by AI from the official description.
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Inaba Denki Sangyo Co., Ltd. · CHOCO TEI WATCHER mini (IB-MCT001)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://jvn.jp/en/vu/JVNVU91154745/https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04https://www.inaba.co.jp/files/chocomini_vulnerability.pdfhttps://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording