CVE-2025-61234

Published: Oct 29, 2025

Modified: Oct 30, 2025

PUBLISHED

Description

Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port 8888 triggers an error in the response, which exposes the functionality, headers identifying Paytef dataphone packets, and the build version.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/stuxve/expose-service-8888-dataphone

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-61234

Description

Affected Products

References