CVE-2025-46275
📋 TL;DR
This critical vulnerability allows unauthenticated attackers to create administrator accounts on affected WGS network devices without any credentials. Attackers can gain full administrative control over these devices, potentially compromising entire networks. Organizations using WGS-80HPT-V2 or WGS-4215-8T2S devices are affected.
💻 Affected Systems
- WGS-80HPT-V2
- WGS-4215-8T2S
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete network compromise where attackers gain persistent administrative access, deploy malware, intercept all network traffic, pivot to other systems, and potentially cause physical damage in industrial environments.
Likely Case
Attackers create backdoor admin accounts, monitor network traffic, steal sensitive data, and use devices as footholds for lateral movement within the network.
If Mitigated
With proper network segmentation and monitoring, impact is limited to the affected device segment, allowing quick detection and isolation.
🎯 Exploit Status
No authentication required. Simple HTTP requests can create admin accounts. Likely to be weaponized quickly due to ease of exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware versions
Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06
Restart Required: Yes
Instructions:
1. Download latest firmware from vendor.
2. Backup current configuration.
3. Upload and install new firmware via web interface or CLI.
4. Reboot device.
5. Verify authentication is required for admin account creation.
🔧 Temporary Workarounds
Network Isolation
Isolate affected devices from untrusted networks and the internet.
Use firewall rules to block all inbound traffic to device management interfaces.
Access Control Lists
Restrict management interface access to trusted IPs only. The example below uses Cisco IOS-style syntax; adapt it to your device's CLI.
ip access-list standard MGMT-ACL
 permit 10.0.0.0 0.255.255.255
 deny any
interface vlan 1
 ip access-group MGMT-ACL in
🧯 If You Can't Patch
- Immediately isolate devices from internet and untrusted networks
- Implement strict network segmentation and monitor for unauthorized admin account creation
🔍 How to Verify
Check if Vulnerable:
Attempt to access admin account creation endpoint without authentication. If accessible, device is vulnerable.
Check Version:
show version (CLI) or check System Information in web interface
Verify Fix Applied:
Verify authentication is required for all administrative functions, especially account creation endpoints.
📡 Detection & Monitoring
Log Indicators:
- Unexpected admin account creation
- Authentication bypass attempts
- Access to account management endpoints from unauthorized IPs
Network Indicators:
- HTTP POST requests to account creation endpoints without authentication headers
- Traffic to device management interfaces from unexpected sources
SIEM Query:
source_ip NOT IN trusted_networks AND (uri_path CONTAINS 'createAdmin' OR uri_path CONTAINS 'addUser' OR uri_path CONTAINS 'account') AND http_method='POST'
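The SIEM query above written as a runnable log filter, as an added example that is not part of the original page or any vendor tooling. It assumes Common Log Format lines from a proxy or sensor in front of the management interface, takes 10.0.0.0/8 from the ACL workaround as the trusted range, and runs on constructed log lines whose paths are placeholders, not real device endpoints.

```python
import ipaddress
import re

# Assumption: trusted range mirrors the MGMT-ACL permit line (10.0.0.0/8).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
# Substrings taken from the page's SIEM query; matched case-insensitively here,
# which is slightly broader than a case-sensitive CONTAINS.
SUSPECT_PATH_TOKENS = ("createadmin", "adduser", "account")

# Assumption: Common Log Format, e.g. from a reverse proxy in front of the device.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

def is_trusted(src):
    """True only if src parses as an IP inside a trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is never treated as trusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_suspect_requests(lines):
    """Return POSTs to account-related paths from outside the trusted networks."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["uri"].split("?", 1)[0].lower()  # ignore the query string
        if (m["method"] == "POST" and not is_trusted(m["src"])
                and any(tok in path for tok in SUSPECT_PATH_TOKENS)):
            hits.append({"src": m["src"], "time": m["ts"],
                         "path": path, "status": int(m["status"])})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Apr/2025:10:15:02 +0000] "POST /constructed/addUser HTTP/1.1" 200 312',
    '10.1.2.3 - - [24/Apr/2025:10:16:40 +0000] "POST /constructed/addUser HTTP/1.1" 200 310',
    '198.51.100.20 - - [24/Apr/2025:10:17:11 +0000] "GET /constructed/account?id=1 HTTP/1.1" 200 998',
    '198.51.100.20 - - [24/Apr/2025:10:17:30 +0000] "POST /constructed/CreateAdmin?x=1 HTTP/1.1" 401 87',
    '192.0.2.9 - - [24/Apr/2025:10:18:05 +0000] "POST /constructed/login HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status deserves priority over a 401 or 403, since it means the request was accepted rather than rejected.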