SecuriTricks - CVE-2025-1880

Description

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

Product(s) Impacted

Vendor	Product	Versions
I-drive	I11 Firmware I11 I12 Firmware I12	* * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	i-drive	i11_firmware	/	/	/	/	/	/	/	/
h	i-drive	i11	/	/	/	/	/	/	/	/
o	i-drive	i12_firmware	/	/	/	/	/	/	/	/
h	i-drive	i12	/	/	/	/	/	/	/	/

References

https://github.com/geo-chen/i-Drive

https://vuldb.com/?ctiid.298194

https://vuldb.com/?id.298194

https://vuldb.com/?submit.510951

CVSS Score

2.0 / 10

CVSS Data - 3.1

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: March 3, 2025, 8:15 p.m.
Last Modified: March 5, 2025, 2:51 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-1880