CVE-2025-65212

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to download the core configuration file from NJHYST HY511 POE devices, extract MD5-hashed passwords, and gain administrative access to the device backend. It affects all devices running core versions before 2.1 and plugins before 0.1. Attackers can completely compromise affected devices without any authentication.

💻 Affected Systems

Products:
  • NJHYST HY511 POE
Versions: Core versions before 2.1, Plugin versions before 0.1
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device takeover leading to network compromise, data theft, and potential lateral movement within the network.

🟠 Likely Case: Unauthorized administrative access to device management, configuration changes, and potential credential harvesting from the configuration file.

🟢 If Mitigated: Limited to exploitation attempts that fail because of proper network segmentation and access controls.

🌐 Internet-Facing: HIGH - Internet-facing devices are directly exploitable without authentication.
🏢 Internal Only: HIGH - Internal devices are vulnerable to any internal attacker or compromised host.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests to download the configuration file, followed by cracking of the MD5 password hashes (trivial for weak passwords). Public references demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Core 2.1 or later, Plugins 0.1 or later

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Contact NJHYST for updated firmware.
2. Backup current configuration.
3. Apply firmware update to Core 2.1+ and Plugins 0.1+.
4. Restart device.
5. Verify fix by attempting to access configuration file without authentication.

🔧 Temporary Workarounds

Network Segmentation

Isolate NJHYST HY511 POE devices from untrusted networks and restrict access to management interfaces.

Access Control Lists

Implement firewall rules to only allow management access from trusted IP addresses.

🧯 If You Can't Patch

  • Immediately remove devices from internet-facing networks and place behind strict firewall rules.
  • Monitor for unauthorized configuration file access attempts and implement network-based intrusion detection.

🔍 How to Verify

Check if Vulnerable:

Attempt to access the configuration file URL without authentication. If the file downloads, the device is vulnerable.

Check Version:

Check the device web interface or CLI for the firmware version. It should show Core >= 2.1 and Plugins >= 0.1.

Verify Fix Applied:

After patching, attempt to access the configuration file URL without authentication. Access should be denied.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated requests to configuration file paths
  • Multiple failed login attempts followed by successful login from new IP

Network Indicators:

  • HTTP GET requests to configuration file endpoints from unauthorized sources
  • Unusual administrative access patterns

SIEM Query:

source_ip NOT IN trusted_networks AND (url_path CONTAINS 'config' OR url_path CONTAINS 'backup') AND response_code=200
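
The query above, carried out over web access logs as an added example (not code from the vendor or from the original advisory). It assumes a reverse proxy in front of the device writes Common Log Format; the trusted ranges, the `/PLACEHOLDER/` paths and the sample lines are constructed, because the page does not give the real configuration file path.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: management traffic is only expected from these ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
# Substrings taken from the SIEM query; the real file path is not given on the page.
PATH_KEYWORDS = ("config", "backup")

# Common Log Format: src ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_config_downloads(lines):
    """Return {source_ip: [(timestamp, path), ...]} for lines matching the query."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed records instead of failing the whole run
        path = m["path"].lower()  # case-insensitive CONTAINS
        if (m["status"] == "200"
                and any(k in path for k in PATH_KEYWORDS)
                and not is_trusted(m["src"])):
            hits[m["src"]].append((m["ts"], m["path"]))
    return dict(hits)

# Constructed sample log lines; paths are placeholders, not the device's real endpoints.
SAMPLE_LOG = [
    '10.20.0.5 - admin [12/Jan/2026:09:00:01 +0000] "GET /PLACEHOLDER/config.bin HTTP/1.1" 200 4096',
    '203.0.113.44 - - [12/Jan/2026:09:03:17 +0000] "GET /PLACEHOLDER/config.bin HTTP/1.1" 200 4096',
    '203.0.113.44 - - [12/Jan/2026:09:03:19 +0000] "GET /PLACEHOLDER/Backup.tar HTTP/1.1" 200 8192',
    '198.51.100.7 - - [12/Jan/2026:09:05:40 +0000] "GET /PLACEHOLDER/config.bin HTTP/1.1" 403 0',
    '198.51.100.7 - - [12/Jan/2026:09:05:41 +0000] "GET /index.html HTTP/1.1" 200 512',
    'garbage line that is not an access-log record',
]

if __name__ == "__main__":
    for src, events in find_config_downloads(SAMPLE_LOG).items():
        print(f"ALERT {src}: {len(events)} config/backup download(s): {events}")
```

On a patched device the same request should be denied, so any hit recorded after the update means the fix needs to be re-verified.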
