CVE-2025-22940
Published: 31 March 2025
Description
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Security Summary
CVE-2025-22940 is an incorrect access control vulnerability affecting the Adtran 411 ONT running firmware version L80.00.0011.M2. It enables unauthorized attackers to arbitrarily set the admin password, as documented under CWE-284. The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.
Remote attackers require no privileges or user interaction to exploit this flaw over the network. Successful exploitation allows them to set the admin password, granting high-level confidentiality and integrity impacts, such as full administrative control over the device without affecting availability.
Mitigation details and advisories are referenced in the following sources: https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view, https://lanrat.com/posts/adtran-isp-hacking/, and https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an unauthenticated remote vulnerability allowing arbitrary admin password setting on a public-facing ONT device, enabling exploitation via T1190 for initial access and facilitating T1098 by permitting unauthorized account password changes.