CVE-2025-41692
MEDIUMPhoenixcontact FL NAT/SWITCH Firmware <= 3.50 - Weak Password Generation
Title source: llmDescription
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
Scores
CVSS v3
6.8
EPSS
0.0003
EPSS Percentile
8.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-916
Status
published
Products (50)
phoenixcontact/fl_nat_2008_firmware
< 3.50
phoenixcontact/fl_nat_2208_firmware
< 3.50
phoenixcontact/fl_nat_2304-2gc-2sfp_firmware
< 3.50
phoenixcontact/fl_switch_2005_firmware
< 3.50
phoenixcontact/fl_switch_2008_firmware
< 3.50
phoenixcontact/fl_switch_2008f_firmware
< 3.50
phoenixcontact/fl_switch_2016_firmware
< 3.50
phoenixcontact/fl_switch_2105_firmware
< 3.50
phoenixcontact/fl_switch_2108_firmware
< 3.50
phoenixcontact/fl_switch_2116_firmware
< 3.50
... and 40 more
Published
Dec 09, 2025
Tracked Since
Feb 18, 2026