eWON Firmware 12.2 to 13.0: Attackers can steal sensitive user data
CVE-2019-25470
Summary
Versions 12.2 to 13.0 of eWON Firmware have a security flaw that lets hackers access sensitive user information without needing a password. This is a serious issue because attackers could use this data to gain control of the system or disrupt operations. To protect your system, update to a newer version of the firmware as soon as possible.
Original title
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoi...
Original description
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
NVD CVSS 3.1
7.5
NVD CVSS 4.0
8.7
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026