CVE-2025-8286

The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01

Configurations

No configuration.

History

15 Aug 2025, 21:15

Type	Values Removed	Values Added
Summary	(en) Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.	(en) The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) Los dispositivos de monitoreo sísmico de la serie Güralp FMUS exponen una interfaz de línea de comandos basada en Telnet no autenticada que podría permitir a un atacante modificar configuraciones de hardware, manipular datos o restablecer el dispositivo de fábrica.

31 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 20:15

Updated : 2025-08-15 21:15

NVD link : CVE-2025-8286

Mitre link : CVE-2025-8286

CVE.ORG link : CVE-2025-8286

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-8286", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T20:15:46.350", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device."}, {"lang": "es", "value": "Los dispositivos de monitoreo s\u00edsmico de la serie G\u00fcralp FMUS exponen una interfaz de l\u00ednea de comandos basada en Telnet no autenticada que podr\u00eda permitir a un atacante modificar configuraciones de hardware, manipular datos o restablecer el dispositivo de f\u00e1brica."}], "lastModified": "2025-08-15T21:15:37.030", "sourceIdentifier": "ics-cert@hq.dhs.gov"}