1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Optigo Networks
- Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool
- Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool are affected:
- Visual BACnet Capture Tool: Version 3.1.2rc11
- Optigo Visual Networks Capture Tool: Version 3.1.2rc11
3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS CWE-547
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard-coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
CVE-2025-2079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-2079. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
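The weakness in 3.2.1, shown as an added example (not Optigo's code and not part of this advisory): a signing key compiled into a product is identical in every copy, so a token accepted by one installation is accepted by all of them, while a key generated per installation confines tokens to the site that issued them. HS256, the key file names and the SHIPPED_CONSTANT value are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, os, secrets, tempfile, time
# Constructed placeholder standing in for a key compiled into a shipped build.
SHIPPED_CONSTANT = b"constructed-example-key-identical-in-every-copy"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_install_key(path):
    """Return this installation's signing key, generating it on first run."""
    if not os.path.exists(path):
        # O_EXCL never overwrites an existing key; 0o600 is owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(secrets.token_bytes(32))
    with open(path, "rb") as fh:
        key = fh.read()
    if len(key) < 32:
        raise ValueError("signing key shorter than 256 bits")
    return key

def sign(claims, key):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token, key):
    """Return the claims if the HS256 signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        pinned = json.loads(_unb64(head)).get("alg") == "HS256"  # pin the algorithm
        if not (pinned and hmac.compare_digest(mac, _unb64(sig))):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > time.time() else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def compare_installs():
    """Sign at site A, verify at site B: with the constant, then per-install keys."""
    claims = {"sub": "operator", "exp": int(time.time()) + 300}
    with tempfile.TemporaryDirectory() as tmp:
        key_a, key_b = (load_install_key(os.path.join(tmp, n)) for n in ("a.key", "b.key"))
        shared = verify(sign(claims, SHIPPED_CONSTANT), SHIPPED_CONSTANT) is not None
        isolated = verify(sign(claims, key_a), key_b) is not None
    return shared, isolated
```

`compare_installs()` returns `(True, False)`: the constant-keyed token verifies at the second site, the per-install token does not.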