MidnightBSD

Advisories for kapsch

CVE-2025-25732

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23
CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23
CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23
CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23
CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default 'kapsch' user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23
CVE-2025-25737

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 3.2.0.829.23