Güralp Systems FMUS Series Seismic Monitoring Devices - Missing Authentication for Critical Function

漏洞信息

漏洞名称: Güralp Systems FMUS Series Seismic Monitoring Devices - Missing Authentication for Critical Function

漏洞编号:

  • CVE: CVE-2025-8286

漏洞类型: 未授权访问

漏洞等级: 严重

漏洞描述: 受影响的产品是Güralp Systems的FMUS系列地震监测设备,这些设备广泛应用于地震监测和地质研究领域,通常部署在关键基础设施和科研机构中。该漏洞的类型为未授权访问,技术根源在于设备暴露了一个未经认证的基于Telnet的命令行接口。这意味着攻击者无需任何认证即可访问设备的命令行界面,从而可以修改硬件配置、操纵数据或恢复设备出厂设置。这种漏洞的存在极大地增加了设备被恶意利用的风险,攻击者可以利用此漏洞远程控制设备,导致数据被篡改或丢失,甚至可能影响到地震监测系统的正常运行和数据的准确性。由于该漏洞不需要任何形式的认证即可利用,且可以通过自动化工具进行大规模扫描和攻击,因此其潜在的安全风险非常高。

产品厂商: guralp_systems

产品名称: guralp_fmus_series_seismic_monitoring_devices

搜索语法: “Welcome to “ && “list of available commands” && port=”4244”

来源: https://github.com/projectdiscovery/nuclei-templates/blob/9d159b4b6aaa494f098fa76fdf59ba3daa6e607b/http%2Fcves%2F2025%2FCVE-2025-8286.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

id: CVE-2025-8286

info:
  name: Güralp Systems FMUS Series Seismic Monitoring Devices - Missing Authentication for Critical Function
  severity: critical
  author: darses
  description: |
    The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
  remediation: |
    Update to the latest firmware version or apply vendor recommended patches to secure Telnet access.
  classification:
    cwe-id: CWE-306
    cve-id: CVE-2025-8286
    cvss-metrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    cvss-score: 9.8
  metadata:
    vendor: guralp_systems
    product: guralp_fmus_series_seismic_monitoring_devices
    shodan-query:
      - '"Welcome to " "list of available commands" port:4244'
    fofa-query:
      - '"Welcome to " && "list of available commands" && port="4244"'
  reference:
    - https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01
    - https://www.cve.org/CVERecord?id=CVE-2025-8286
  tags: ics,cve,cve2025,tcp,telnet

tcp:
  - host:
      - "{{Hostname}}"

    port: 4244

    inputs:
      - data: "\n"
        read: 128
        name: banner

      - data: "system info\n"
        read: 256
        name: system_info

    matchers-condition: and
    matchers:
      - type: word
        part: banner
        words:
          - "Welcome to "
          - 'type "help" for a list of available commands'
        condition: and

      - type: word
        part: system_info
        words:
          - "Host Name: "
          - "Firmware Version: "
        condition: and

    extractors:
      - type: regex
        part: system_info
        group: 1
        regex:
          - "Host\\s+Name:\\s+([\\w\\d\\.\\-]+)"

      - type: regex
        part: system_info
        group: 1
        regex:
          - "Firmware\\s+Version:\\s+([\\d\\.\\-]+)"


Github Poc
#projectdiscovery/nuclei-templates:github issues #未授权访问
Güralp Systems FMUS Series Seismic Monitoring Devices - Missing Authentication for Critical Function
http://example.com/2025/08/01/github_1775473521/
作者
lianccc
发布于
2025年8月1日
许可协议