CVE-2025-6529

A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code	Exploit Third Party Advisory
https://vuldb.com/?ctiid.313646	Permissions Required VDB Entry
https://vuldb.com/?id.313646	Third Party Advisory VDB Entry
https://vuldb.com/?submit.595450	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:70mai:m300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:70mai:m300:-:*:*:*:*:*:*:*

History

14 Nov 2025, 14:12

Type	Values Removed	Values Added
CPE		cpe:2.3:h:70mai:m300:-:::::::* cpe:2.3:o:70mai:m300_firmware::::::::
First Time		70mai 70mai m300 Firmware 70mai m300
References	~~() https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code -~~	() https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.313646 -~~	() https://vuldb.com/?ctiid.313646 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.313646 -~~	() https://vuldb.com/?id.313646 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.595450 -~~	() https://vuldb.com/?submit.595450 - Third Party Advisory, VDB Entry

26 Jun 2025, 18:58

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en 70mai M300 hasta el 20250611, clasificada como crítica. Este problema afecta a una funcionalidad desconocida del componente Telnet Service. La manipulación implica el uso de credenciales predeterminadas. El ataque debe iniciarse dentro de la red local. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

23 Jun 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-23 23:15

Updated : 2025-11-14 14:12

NVD link : CVE-2025-6529

Mitre link : CVE-2025-6529

CVE.ORG link : CVE-2025-6529

JSON object : View

Products Affected

70mai

m300_firmware
m300

CWE

CWE-1392

8.8 /10