CVE-2025-47697

Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN51394666/	Third Party Advisory
https://www.uchida.co.jp/wivia/support02.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:uchida:wivia_5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:uchida:wivia_5:-:*:*:*:*:*:*:*

History

04 Jun 2025, 19:57

Type	Values Removed	Values Added
References	~~() https://jvn.jp/en/jp/JVN51394666/ -~~	() https://jvn.jp/en/jp/JVN51394666/ - Third Party Advisory
References	~~() https://www.uchida.co.jp/wivia/support02.html -~~	() https://www.uchida.co.jp/wivia/support02.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo
First Time		Uchida Uchida wivia 5 Firmware Uchida wivia 5
CPE		cpe:2.3:h:uchida:wivia_5:-:::::::* cpe:2.3:o:uchida:wivia_5_firmware::::::::

30 May 2025, 16:31

Type	Values Removed	Values Added
Summary		(es) Existe un problema de aplicación de la seguridad del lado del cliente en el lado del servidor en todas las versiones de Wivia 5. Si se explota, un atacante no autenticado podría eludir la autenticación y usar el dispositivo afectado como moderador.

30 May 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-30 07:15

Updated : 2025-06-04 19:57

NVD link : CVE-2025-47697

Mitre link : CVE-2025-47697

CVE.ORG link : CVE-2025-47697

JSON object : View

Products Affected

uchida

wivia_5_firmware
wivia_5

CWE

CWE-602

Client-Side Enforcement of Server-Side Security

NVD-CWE-noinfo

{"id": "CVE-2025-47697", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-30T07:15:22.683", "references": [{"url": "https://jvn.jp/en/jp/JVN51394666/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.uchida.co.jp/wivia/support02.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-602"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user."}, {"lang": "es", "value": "Existe un problema de aplicaci\u00f3n de la seguridad del lado del cliente en el lado del servidor en todas las versiones de Wivia 5. Si se explota, un atacante no autenticado podr\u00eda eludir la autenticaci\u00f3n y usar el dispositivo afectado como moderador."}], "lastModified": "2025-06-04T19:57:39.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:uchida:wivia_5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D66AC84-9FE0-46ED-A903-549152E7E641"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:uchida:wivia_5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A9F1290-7517-4346-B1B8-8AC367BE198E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}