CVE-2025-63216

critical

Description

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

References

https://www.itel.it/

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63216_Itel%20DAB%20Gateway%20Authentication%20Bypass

Details

Source: Mitre, NVD

Published: 2025-11-18

Updated: 2025-11-19

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0003