SecuriTricks - CVE-2025-1879

Description

A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

Product(s) Impacted

Vendor	Product	Versions
I-drive	I11 Firmware I11 I12 Firmware I12	* * * *

Weaknesses

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	i-drive	i11_firmware	/	/	/	/	/	/	/	/
h	i-drive	i11	/	/	/	/	/	/	/	/
o	i-drive	i12_firmware	/	/	/	/	/	/	/	/
h	i-drive	i12	/	/	/	/	/	/	/	/

References

https://github.com/geo-chen/i-Drive

https://vuldb.com/?ctiid.298193

https://vuldb.com/?id.298193

https://vuldb.com/?submit.510950

CVSS Score

2.4 / 10

CVSS Data

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

View Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Date

Published: March 3, 2025, 8:15 p.m.
Last Modified: March 5, 2025, 2:52 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-1879