CVE-2025-67112

Published: Mar 19, 2026

Modified: Mar 24, 2026

PUBLISHED

Description

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood

https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf

https://freedomfi.com/index.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67112

Description

Affected Products

References