SecuriTricks - CVE-2025-1882

Description

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

Product(s) Impacted

Vendor	Product	Versions
I-drive	I11 Firmware I11 I12 Firmware I12	* * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	i-drive	i11_firmware	/	/	/	/	/	/	/	/
h	i-drive	i11	/	/	/	/	/	/	/	/
o	i-drive	i12_firmware	/	/	/	/	/	/	/	/
h	i-drive	i12	/	/	/	/	/	/	/	/

References

https://github.com/geo-chen/i-Drive

https://vuldb.com/?ctiid.298196

https://vuldb.com/?id.298196

https://vuldb.com/?submit.510955

CVSS Score

5.0 / 10

CVSS Data - 3.1

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

View Vector String

Timeline

Published: March 3, 2025, 9:15 p.m.
Last Modified: March 5, 2025, 3:18 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-1882