CVE-2025-28371

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to change the administrator password on EnGenius ENH500 access points without knowing the current password. Attackers with network access to the device's management interface can take full administrative control. All organizations using the affected firmware version are vulnerable.

💻 Affected Systems

Products:
  • EnGenius ENH500 AP 2T2R V3.0
Versions: FW3.7.22
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific hardware version and firmware combination listed. Other EnGenius models may have similar issues but are not confirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to network compromise, traffic interception, rogue access point deployment, and lateral movement into connected networks.

🟠

Likely Case

Unauthorized administrative access allowing configuration changes, network disruption, and potential credential harvesting from connected clients.

🟢

If Mitigated

Limited to internal network attacks if management interface is not exposed to untrusted networks.

🌐 Internet-Facing: HIGH - If management interface is exposed to internet, remote attackers can compromise the device.
🏢 Internal Only: MEDIUM - Requires internal network access but provides administrative control once accessed.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit goes through the web management interface: the password-change request is accepted without the current administrator password being supplied. Proof-of-concept code is publicly available in the referenced pastebin links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check the EnGenius support portal for firmware updates.
2. Download the latest firmware.
3. Log into the device web interface.
4. Navigate to System > Firmware Upgrade.
5. Upload the new firmware file.
6. Wait for the reboot and verify the firmware version.

🔧 Temporary Workarounds

Restrict Management Interface Access

Applies to: all

Limit access to the device's web management interface to trusted IP addresses only.

Configure firewall rules on the upstream firewall or router to restrict access to ports 80/443 on the AP management IP.
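The firewall restriction above, as an added example (not EnGenius code and not from the original page): a small shell helper that renders an nftables ruleset for the firewall or router in front of the AP, allowing only a set of trusted admin hosts to reach the AP's web UI on 80/443 and logging everything else with a prefix the SIEM can pick up. The AP address and trusted-host addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Runs on the firewall/router in front of the AP,
# not on the AP itself. All addresses used in usage/tests are assumptions.

# $1 = AP management IP, $2 = comma-separated trusted admin sources (IPs or CIDRs).
# Prints an nftables ruleset to stdout.
ap_mgmt_ruleset() {
    ap_ip="$1"
    trusted="$2"
    cat <<EOF
table inet ap_mgmt {
    set trusted_admins {
        type ipv4_addr
        flags interval
        elements = { $trusted }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # trusted admin hosts may reach the AP web UI on 80/443
        ip daddr $ap_ip tcp dport { 80, 443 } ip saddr @trusted_admins accept
        # everyone else: log (searchable by the AP-MGMT-DENY prefix) and drop
        ip daddr $ap_ip tcp dport { 80, 443 } log prefix "AP-MGMT-DENY " drop
    }
}
EOF
}

# Syntax-check the generated ruleset without loading it (nft -c = check only).
# Skips gracefully on hosts where nft is not installed.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        ap_mgmt_ruleset "$1" "$2" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Usage on the firewall (assumed addresses):
#   ap_mgmt_ruleset 192.0.2.10 10.0.10.5,10.0.10.6 | nft -f -
```

Run `check_ruleset` first on a host with `nft` available; the log rule is placed after the accept so only denied management attempts are logged.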

Disable Remote Management

Applies to: all

Turn off remote management features if they are not required.

Navigate to System > Management and disable 'Allow Remote Management'.

🧯 If You Can't Patch

  • Isolate affected APs on separate VLAN with strict firewall rules
  • Implement network monitoring for unauthorized password change attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to change the admin password via the web interface without supplying the current password. If the change is accepted, the device is vulnerable. A successful test actually changes the credential, so run it in a maintenance window on a device you control and record the new password.

Check Version:

Log into web interface and check System > Status > Firmware Version

Verify Fix Applied:

After firmware update, attempt the same password change test - it should fail without correct current password.

📡 Detection & Monitoring

Log Indicators:

  • Unusual password change events
  • Login attempts from unexpected IP addresses
  • Configuration changes without proper authentication

Network Indicators:

  • HTTP POST requests to password change endpoints without authentication
  • Unusual traffic patterns from AP management interface

SIEM Query:

source="ap_logs" AND (event_type="password_change" OR uri="/goform/setPassword")
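The log and network indicators above, applied to constructed sample lines, as an added example that is not part of the original page or the vendor's tooling. The log format (client IP, method, URI, status, session cookie or `-`), the endpoint name `/goform/setPassword` (taken from the SIEM query above) and every address are assumptions; the log lines are constructed for the example. It flags password-change POSTs from hosts outside an admin allowlist and POSTs that carry no session cookie.

```shell
#!/bin/sh
# Added example, not vendor code. Triage an AP web-access log for
# password-change requests matching the indicators on this page.

# Constructed sample log (not from a real device).
# Fields: client_ip method uri status session_cookie (- if absent)
SAMPLE_LOG='10.0.10.5 GET /status.asp 200 sid=a1b2
10.0.10.5 POST /goform/setPassword 200 sid=a1b2
203.0.113.7 POST /goform/setPassword 200 -
10.0.10.9 POST /goform/setPassword 200 -
10.0.10.5 POST /goform/setPassword 200 -
198.51.100.4 GET /login.asp 200 -'

# $1 = space-separated allowlist of trusted admin hosts; log is read on stdin.
# Prints one line per suspicious request: client_ip uri reason[,reason]
flag_password_changes() {
    awk -v trusted="$1" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        $2 == "POST" && $3 == "/goform/setPassword" {
            reason = ""
            # password change from a host that is not on the admin allowlist
            if (!($1 in ok)) reason = "untrusted-source"
            # password change with no session cookie (network indicator above)
            if ($5 == "-") reason = reason (reason == "" ? "" : ",") "no-session"
            if (reason != "") print $1, $3, reason
        }'
}

# Convenience wrapper: number of flagged requests in the sample log.
count_flagged() {
    printf '%s\n' "$SAMPLE_LOG" | flag_password_changes "$1" | wc -l | tr -d ' '
}

# Run against the sample with 10.0.10.5 as the only trusted admin host:
#   printf '%s\n' "$SAMPLE_LOG" | flag_password_changes "10.0.10.5"
```

On the sample, the trusted host's change that carries a session cookie is not flagged; the same host's cookie-less change, and both changes from hosts off the allowlist, are. Point the function at the real access log (`flag_password_changes "<admin hosts>" < access.log`) after adjusting the field positions to your log format.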

🔗 References
