CVE-2025-22962

7.2 HIGH

📋 TL;DR

A high-severity remote code execution vulnerability in GatesAir Maxiva UAXT/VAXT transmitters allows authenticated attackers to execute arbitrary commands via crafted POST requests to the /json endpoint when debugging mode is enabled. It affects organizations that run these broadcast transmitters with the web management interface exposed. A successful attack can lead to full system compromise.

💻 Affected Systems

Products:
  • GatesAir Maxiva UAXT
  • GatesAir Maxiva VAXT
Versions: All versions with debugging mode capability
Operating Systems: Embedded Linux-based transmitter OS
Default Config Vulnerable: ✅ No
Notes: Vulnerability only exploitable when debugging mode is enabled. Default configurations may have debugging disabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device takeover leading to transmitter control disruption, unauthorized broadcast content injection, privilege escalation to root, and lateral movement to other network systems.

🟠 Likely Case

Unauthorized access to transmitter configuration, data exfiltration, service disruption, and installation of persistent backdoors.

🟢 If Mitigated

Limited impact if debugging mode is disabled and proper network segmentation is implemented, though authenticated users could still exploit the flaw if debugging is accidentally enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires a valid session ID (sess_id) and debugging mode to be enabled. The attack involves crafting POST requests to the /json endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with GatesAir for specific patched versions

Vendor Advisory: https://www.gatesair.com/support/security-advisories

Restart Required: No

Instructions:

  1. Contact GatesAir support for latest firmware updates.
  2. Apply firmware patch provided by vendor.
  3. Verify debugging mode remains disabled after update.

🔧 Temporary Workarounds

Disable Debugging Mode (all platforms)

Disable debugging functionality in transmitter web interface to prevent exploitation

Access web interface > System Settings > Debugging > Disable

Network Segmentation (all platforms)

Isolate transmitter management interfaces from untrusted networks

Configure firewall rules to restrict access to transmitter IP:port from authorized management stations only

🧯 If You Can't Patch

  • Ensure debugging mode is permanently disabled in all transmitter configurations
  • Implement strict network access controls and monitor for unauthorized access attempts to /json endpoint

🔍 How to Verify

Check if Vulnerable:

Check if debugging mode is enabled in web interface and verify firmware version against vendor advisory

Check Version:

Check web interface System Information page or use vendor-specific CLI commands

Verify Fix Applied:

Confirm debugging mode is disabled and firmware version matches patched version from vendor

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /json endpoint
  • Multiple failed authentication attempts followed by successful sess_id usage
  • Command execution logs from the transmitter system

Network Indicators:

  • Unusual traffic patterns to transmitter management interface
  • POST requests with command injection patterns to /json endpoint

SIEM Query:

source="transmitter_logs" AND (url_path="/json" OR message="debugging" OR message="command execution")
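
A log check for two of the indicators above (POST requests to /json from outside the authorized management stations, and failed authentication followed by a successful request), as an added example that is not vendor or site code. The log format (common log format, for instance from a reverse proxy in front of the management interface), the management subnet, the threshold and the use of 401/403 as the failure signal are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: authorized management subnet and failure threshold (constructed values).
MGMT_STATIONS = [ipaddress.ip_network("10.20.0.0/28")]
FAILED_AUTH_THRESHOLD = 3

# Assumption: common-log-format lines; the transmitter's own log format may differ.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b')

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = """\
10.20.0.5 - - [12/Mar/2025:08:01:10 +0000] "POST /json HTTP/1.1" 200 312
10.20.0.9 - - [12/Mar/2025:08:02:01 +0000] "POST /json HTTP/1.1" 401 87
10.20.0.9 - - [12/Mar/2025:08:02:03 +0000] "POST /json HTTP/1.1" 401 87
10.20.0.9 - - [12/Mar/2025:08:02:05 +0000] "POST /json HTTP/1.1" 401 87
10.20.0.9 - - [12/Mar/2025:08:02:40 +0000] "POST /json HTTP/1.1" 200 298
192.0.2.44 - - [12/Mar/2025:08:05:12 +0000] "POST /json HTTP/1.1" 200 305
10.20.0.5 - - [12/Mar/2025:08:06:00 +0000] "GET /index.html HTTP/1.1" 200 4096
"""

def is_mgmt(src):
    """True if src is an IP address inside an authorized management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the source field
        return False
    return any(addr in net for net in MGMT_STATIONS)

def scan(log_text):
    """Return (timestamp, source, reason) tuples for suspicious /json requests."""
    failures = defaultdict(int)  # failed-auth count per source
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, status = m["src"], m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if status in (401, 403):  # assumption: these codes mean failed auth
            failures[src] += 1
        if method == "POST" and path == "/json":
            if not is_mgmt(src):
                alerts.append((m["ts"], src, "unauthorized-source"))
            if status < 400 and failures[src] >= FAILED_AUTH_THRESHOLD:
                alerts.append((m["ts"], src, "success-after-auth-failures"))
    return alerts
```

Calling scan(SAMPLE_LOG) flags 10.20.0.9 for a successful request after three failures and 192.0.2.44 for reaching /json from outside the management subnet.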
