CVE-2025-5124 | Sony SNC-M1 up to 1.30 Administrative Interface default credentials

A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials.

This vulnerability is uniquely identified as CVE-2025-5124. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The real existence of this vulnerability is still doubted at the moment.

It is recommended to change the configuration settings.

The vendor was contacted early about this issue. They confirmed the existence but pointed out that they “have published the ‘Hardening Guide’ on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords”.

CVE-2025-5124 | Sony SNC-M1 up to 1.30 Administrative Interface default credentials

Post correlati

CVE-2024-40536 | Shenzhen Libituo Technology LBT-T300-T400 3.2 config_3g_para pin_3g_code stack-based overflow

CVE-2024-23850 | Linux Kernel up to 6.7.1 fs/btrfs/disk-io.c btrfs_get_root_ref assertion

CVE-2025-20014 | mySCADA myPRO Manager/myPRO Runtime POST Request os command injection (icsa-25-023-01)

CVE-2025-4732 | TOTOLINK A3002R/A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formFilter ip6addr buffer overflow