Weak Encoding for Password
CVE-2025-11155
Summary
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.
- LOW
- ADJACENT
- ACTIVE
- NONE
CWE-261 - Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
References
Advisory Timeline
- Published
