Metz-connect Ewio2-m-bm_firmware

5 CVEs affecting Metz-connect Ewio2-m-bm_firmware. Latest disclosed: 2025-11-18. Critical: 2, High: 3.

Top CVEs affecting Metz-connect Ewio2-m-bm_firmware
CVESeverityScorePublishedSummary
CVE-2025-41734Critical9.82025-11-18An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVE-2025-41733Critical9.82025-11-18The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST…
CVE-2025-41736High8.82025-11-18A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a…
CVE-2025-41735High8.82025-11-18A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVE-2025-41737High7.52025-11-18Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.