CVE-2025-65212

CRITICAL

NJHYST HY511 POE <2.1 - Auth Bypass

Title source: llm

Description

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.

References (2)

[Third Party Advisory] https://gist.github.com/a2148001284/bcdda75fc8718454f16a7b9259463719

[Exploit, Third Party Advisory] https://github.com/a2148001284/test1/blob/main/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%90%8E%E5%8F%B0%E6%BC%8F%E6%B4%9EEN.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-565

Status published

Products (1)

njhyst/hy511_firmware < 2.1

Published Jan 06, 2026

Tracked Since Feb 18, 2026