CVE-2025-63206

9.8 CRITICAL

📋 TL;DR

An authentication bypass vulnerability in Dasan Switch DS2924 web interface allows attackers to gain escalated privileges by storing crafted cookies in the browser. This affects firmware versions 1.01.18 and 1.02.00, potentially compromising network switches and connected systems.

💻 Affected Systems

Products:
  • Dasan Switch DS2924
Versions: 1.01.18, 1.02.00
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web-based management interface. CLI access unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the network switch, allowing reconfiguration, traffic interception, lateral movement to connected systems, and persistent backdoor access.

🟠 Likely Case

Unauthorized administrative access to the switch configuration, enabling network disruption, VLAN manipulation, and credential harvesting.

🟢 If Mitigated

Limited impact if switches are isolated, have strict network controls, and authentication bypass attempts are detected and blocked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit involves crafting specific cookies to bypass authentication checks. Public research available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://dasansmc.com/

Restart Required: No

Instructions:

1. Check the vendor website for firmware updates.
2. If a patch is available, download and apply it via the web interface or TFTP.
3. Verify the patch was applied by checking the firmware version.

🔧 Temporary Workarounds

Disable Web Management Interface

Applies to: all

Disable the HTTP/HTTPS web interface and use CLI/SSH only for management. The commands below use IOS-style syntax; confirm the equivalent commands on the DS2924 CLI before applying them.

configure terminal
no ip http server
no ip http secure-server
end
write memory

Restrict Management Access

Applies to: all

Limit web interface access to specific management IPs using ACLs. Only hosts in the permitted range should be able to reach the web interface at all.

configure terminal
access-list 10 permit 192.168.1.0 0.0.0.255
ip http access-class 10
ip http secure-server access-class 10
end
write memory

🧯 If You Can't Patch

  • Isolate affected switches in separate VLAN with strict firewall rules
  • Implement network monitoring for authentication bypass attempts and cookie manipulation

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the web interface or the CLI command 'show version'. If the version is 1.01.18 or 1.02.00, the system is vulnerable.

Check Version:

show version

Verify Fix Applied:

After applying the workarounds, confirm that the web interface is unreachable from IPs outside the permitted ACL range (or unreachable entirely, if it was disabled), and that requests carrying unexpected cookie values are rejected rather than granted elevated access.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Unusual cookie values in HTTP requests
  • Administrative configuration changes from unexpected IPs

Network Indicators:

  • HTTP requests with crafted cookie headers to switch management IP
  • Unusual administrative traffic patterns

SIEM Query:

source="switch_logs" AND (http_cookie CONTAINS "admin" OR http_cookie CONTAINS "privilege")
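The SIEM query above is a single keyword match. The following script, added here as an example and not part of the original advisory or any vendor tooling, shows how the three log indicators listed above can be checked together over switch HTTP access logs: cookie values containing the page's keywords, a run of failed logins followed by a successful request from the same IP, and configuration changes from addresses outside the management range permitted by the ACL workaround (192.168.1.0/24). The log format, the /config.cgi endpoint and every log line are constructed for the example; the real DS2924 log format is not documented on this page.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample log lines (hypothetical format, not a real DS2924 log):
# timestamp, client IP, method, path, HTTP status, and the request's Cookie header.
SAMPLE_LOGS = """\
2025-01-10T09:00:01Z 192.168.1.20 GET /login.cgi 200 cookie="session=a1b2c3"
2025-01-10T09:00:05Z 10.0.0.7 POST /login.cgi 401 cookie="-"
2025-01-10T09:00:06Z 10.0.0.7 POST /login.cgi 401 cookie="-"
2025-01-10T09:00:09Z 10.0.0.7 GET /config.cgi 200 cookie="level=admin; session=x"
2025-01-10T09:00:12Z 10.0.0.7 POST /config.cgi?action=save 200 cookie="level=admin; session=x"
2025-01-10T09:01:00Z 192.168.1.20 POST /config.cgi?action=save 200 cookie="session=a1b2c3"
"""

MANAGEMENT_NET = ip_network("192.168.1.0/24")      # range permitted by the ACL workaround
SUSPICIOUS_COOKIE_TOKENS = ("admin", "privilege")   # keywords from the SIEM query above
CONFIG_PATHS = ("/config.cgi",)                     # hypothetical admin endpoint (assumption)

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'(?P<status>\d{3}) cookie="(?P<cookie>[^"]*)"$'
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def detect(log_text):
    """Return a list of (indicator, source_ip, timestamp) findings for the three indicators."""
    findings = []
    consecutive_failures = {}  # source IP -> count of 401 responses not yet followed by a success
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines in an unexpected format
        ip = rec["ip"]
        cookie = rec["cookie"].lower()

        # Indicator 1: unusual cookie values (the page's SIEM keyword match).
        if any(tok in cookie for tok in SUSPICIOUS_COOKIE_TOKENS):
            findings.append(("suspicious_cookie", ip, rec["ts"]))

        # Indicator 2: failed authentication followed by a successful request from the same IP.
        if rec["status"] == 401:
            consecutive_failures[ip] = consecutive_failures.get(ip, 0) + 1
        elif rec["status"] == 200 and consecutive_failures.get(ip, 0) > 0:
            findings.append(("failure_then_success", ip, rec["ts"]))
            consecutive_failures[ip] = 0

        # Indicator 3: configuration change from an IP outside the management range.
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path in CONFIG_PATHS and rec["status"] == 200:
            if ip_address(ip) not in MANAGEMENT_NET:
                findings.append(("config_change_from_unexpected_ip", ip, rec["ts"]))
    return findings


if __name__ == "__main__":
    for indicator, ip, ts in detect(SAMPLE_LOGS):
        print(f"{ts} {ip} {indicator}")
```

On the constructed input, the legitimate management-host session produces no findings, while the 10.0.0.7 session trips all three indicators. The keyword match on cookie contents is deliberately kept from the page's query but is noisy on its own (a legitimate session cookie may well contain "admin"), so the failure-then-success and out-of-range-change indicators are the ones worth alerting on with higher priority.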
