{"id":40723,"date":"2025-05-20T04:42:48","date_gmt":"2025-05-20T04:42:48","guid":{"rendered":""},"modified":"2025-06-22T11:35:40","modified_gmt":"2025-06-22T17:35:40","slug":"cve-2025-26390-critical-sql-injection-vulnerability-in-ozw672-and-ozw772-devices","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-26390-critical-sql-injection-vulnerability-in-ozw672-and-ozw772-devices\/","title":{"rendered":"<strong>CVE-2025-26390: Critical SQL Injection Vulnerability in OZW672 and OZW772 Devices<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A critical vulnerability, CVE-2025-26390, has been identified in the OZW672 and OZW772 devices. It resides in the devices' web service, which is vulnerable to SQL injection when it checks authentication data. An unauthenticated remote attacker could use it to bypass the authentication check and log in as an Administrator user, potentially leading to system compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-26390<br \/>\nSeverity: Critical (9.8 CVSS score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>OZW672<\/td><td>All versions &lt; V6.0<\/td><\/tr>\n<tr><td>OZW772<\/td><td>All versions &lt; V6.0<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The web service does not properly sanitize the authentication data it receives before using it in an SQL query. An attacker who sends specially crafted input in the authentication fields can therefore inject SQL that is executed in the database context, manipulate the login query, and obtain unauthorized access as an Administrator user.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here is a conceptual example of how a malicious request exploiting this vulnerability could look.
In this example, an HTTP request is sent to the login endpoint with a malicious payload in the `username` field.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/login HTTP\/1.1\nHost: vulnerable.device.com\nContent-Type: application\/x-www-form-urlencoded\nContent-Length: 28\n\nusername=admin&#039;;--&amp;password=<\/code><\/pre>\n<p>The `username` parameter carries the SQL injection payload `admin&#039;;--`. The single quote closes the string literal in the login query, the semicolon ends the statement prematurely, and `--` comments out the rest of the original query, so the request authenticates as the admin user without requiring a password.<br \/>\nThe best way to mitigate this vulnerability is to apply the vendor patch. If that is not immediately possible, a Web Application Firewall (WAF) or Intrusion Detection System (IDS) in front of the web service can serve as a temporary mitigation. 
Given the high severity of this vulnerability, however, the patch should be applied as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The cybersecurity community has recently identified a critical vulnerability, CVE-2025-26390, that affects users of the OZW672 and OZW772 devices. This vulnerability resides in the web service of the aforementioned devices and is specifically related to SQL injection attacks when checking authentication data. The severity of this vulnerability lies in the potential for an unauthenticated [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-40723","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=40723"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723\/revisions"}],"predecessor-version":[{"id":54033,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/40723\/revisions\/54033"}],"wp:at
tachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=40723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=40723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=40723"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=40723"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=40723"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=40723"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=40723"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=40723"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=40723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}