CVE-2024-25736
HIGHWyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated Denial of Service via Reboot Endpoint
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2024-25736. PoCs published by hyp3rlinx.
AI-analyzed exploit summary This exploit demonstrates an incorrect access control vulnerability in WyreStorm Apollo VX20 devices before 1.3.58, allowing unauthenticated remote attackers to restart the device via a simple HTTP GET request to /device/reboot.
Description
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
Exploits (1)
exploitdb
WORKING POC
by hyp3rlinx · textdosmultiple
https://www.exploit-db.com/exploits/51815
This exploit demonstrates an incorrect access control vulnerability in WyreStorm Apollo VX20 devices before 1.3.58, allowing unauthenticated remote attackers to restart the device via a simple HTTP GET request to /device/reboot.
Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target:
WyreStorm Apollo VX20 < 1.3.58
No auth needed
Prerequisites:
Network access to the target device
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory
https://hyp3rlinx.altervista.org
Mailing List
http://seclists.org/fulldisclosure/2024/Feb/8
Exploit, VDB Entry
http://packetstormsecurity.com/files/177083
Scores
CVSS v3
7.5
EPSS
0.0915
EPSS Percentile
92.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
wyrestorm/apollo_vx20_firmware
< 1.3.58
Published
Mar 27, 2024
Tracked Since
Feb 18, 2026