CVE-2025-2770

MEDIUM

Bectechnologies Router Firmware - Information Disclosure

Title source: rule

Description

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986.

References (1)

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-25-186/

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 29.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312 CWE-256

Status published

Products (1)

bectechnologies/router_firmware

Published Apr 23, 2025

Tracked Since Feb 18, 2026