{"id":40723,"date":"2025-05-20T04:42:48","date_gmt":"2025-05-20T04:42:48","guid":{"rendered":""},"modified":"2025-06-22T11:35:40","modified_gmt":"2025-06-22T17:35:40","slug":"cve-2025-26390-critical-sql-injection-vulnerability-in-ozw672-and-ozw772-devices","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-26390-critical-sql-injection-vulnerability-in-ozw672-and-ozw772-devices\/","title":{"rendered":"<strong>CVE-2025-26390: Critical SQL Injection Vulnerability in OZW672 and OZW772 Devices<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A critical vulnerability, CVE-2025-26390, has recently been identified in the OZW672 and OZW772 devices. It resides in the devices' web service, which is susceptible to SQL injection when it checks authentication data. The severity of this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-29509-critical-remote-code-execution-vulnerability-in-jan-v0-5-14\/\"  data-wpil-monitor-id=\"45549\">vulnerability lies in the potential for an unauthenticated remote<\/a> attacker to bypass the check and authenticate as an Administrator user, potentially leading to system compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-26390<br \/>\nSeverity: Critical (9.8 CVSS score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-34332-critical-vulnerability-in-ami-s-spx-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"47574\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><thead><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><\/thead><tbody><tr><td>OZW672<\/td><td>All versions &lt; V6.0<\/td><\/tr><tr><td>OZW772<\/td><td>All versions &lt; V6.0<\/td><\/tr><\/tbody><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploitation takes place when 
an attacker sends specially crafted SQL <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-32002-critical-os-command-injection-vulnerability-in-i-o-data-network-attached-hard-disk-firmware\/\"  data-wpil-monitor-id=\"49738\">commands within authentication data<\/a> to the web service of the affected devices. The web service fails to properly sanitize the input data, allowing the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4559-sql-injection-vulnerability-in-isoinsight-from-netvision\/\"  data-wpil-monitor-id=\"45533\">injection of malicious SQL<\/a> commands. These <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-42136-arbitrary-command-execution-vulnerability-in-pax-android-pos-devices\/\"  data-wpil-monitor-id=\"51789\">commands are then executed<\/a> in the database context. As a result, an attacker could manipulate SQL queries, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-34333-critical-vulnerability-in-ami-s-spx-leads-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"47598\">potentially leading<\/a> to unauthorized access as an Administrator user.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here is a conceptual example of how a malicious <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47708-cross-site-request-forgery-vulnerability-in-drupal-enterprise-mfa-tfa\/\"  data-wpil-monitor-id=\"49802\">request exploiting this vulnerability<\/a> could look. 
In this example, an HTTP request is sent to the vulnerable endpoint with a malicious payload designed to exploit the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28203-command-injection-vulnerability-in-victure-rx1800-en-v1-0-0-r12-110933\/\"  data-wpil-monitor-id=\"45542\">SQL<\/a> injection vulnerability.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/login HTTP\/1.1\nHost: vulnerable.device.com\nContent-Type: application\/x-www-form-urlencoded\n\nusername=admin&#039;;--&amp;password=<\/code><\/pre>\n<p>In this example, the `username` parameter contains a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47682-sql-injection-vulnerability-in-woocommerce-s-sms-alert-order-notifications-plugin\/\"  data-wpil-monitor-id=\"45868\">SQL injection<\/a> payload. The payload `admin&#039;;--` closes the string literal around the username, terminates the SQL statement prematurely, and comments out the rest of the original query, so that the attacker may <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-31019-authentication-bypass-vulnerability-in-miniorange-password-policy-manager\/\"  data-wpil-monitor-id=\"60305\">authenticate as the admin user without requiring a password<\/a>.<\/p>\n<p>The best way to mitigate this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49002-critical-vulnerability-in-dataease-bypassing-patch-for-cve-2025-32966\/\"  data-wpil-monitor-id=\"60306\">vulnerability is by applying the vendor patch<\/a>. If this is not immediately possible, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as temporary mitigation. 
It is, however, strongly recommended to apply the patch as soon as possible due to the high <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30387-severe-path-traversal-vulnerability-in-azure-allowing-privilege-escalation\/\"  data-wpil-monitor-id=\"48735\">severity of this vulnerability<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The cybersecurity community has recently identified a critical vulnerability, CVE-2025-26390, that affects users of the OZW672 and OZW772 devices. This vulnerability resides in the web service of the aforementioned devices and is specifically related to SQL injection attacks when checking authentication data. The severity of this vulnerability lies in the potential for an unauthenticated [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-40723","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=40723"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723\/revisions"}],"predecessor-version":[{"id":54033,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723\/revisions\/54033"}],"wp:at
tachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=40723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=40723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=40723"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=40723"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=40723"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=40723"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=40723"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=40723"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=40723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}