MidnightBSD

Advisories for sencore

CVE-2025-63226

The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.

Products Affected

Vendor Product Version
sencore decoder-ccv2_firmware 60.1.4
sencore en2sdi-2hd_firmware 60.1.29
sencore smp100_firmware 4.2.160