Description

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration and execute some commands (e.g., system reboot).

INFO

Published Date :

2025-07-09T08:53:32.653Z

Last Modified :

2025-07-09T13:20:55.438Z

Source :

ENISA
AFFECTED PRODUCTS

The following products are affected by CVE-2025-3498 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3498.

URL Resource
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3498 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact