Published: 2025/11/25  Last Updated: 2025/11/25

JVN#75140384
Multiple vulnerabilities in SNC-CX600W

Overview

SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities.

Products Affected

CVE-2025-62497
  • SNC-CX600W versions prior to Ver.2.8.0

CVE-2025-64730
  • SNC-CX600W all versions

Description

SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities listed below.

  • Cross-site request forgery (CWE-352)
    • CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.1
    • CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1
    • CVE-2025-62497
  • Cross-site scripting (CWE-79)
    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 5.2
    • CVE-2025-64730

Impact

  • If a user accesses a specially crafted webpage while logged in, unintended operations may be performed. (CVE-2025-62497)
  • An arbitrary script may be executed on the web browser of the user who accessed the product. (CVE-2025-64730)

Solution

CVE-2025-62497
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

CVE-2025-64730
Apply the workaround
The developer states that applying the following workarounds may mitigate the impact of this vulnerability.

  • Change the default administrator login credentials and manage them appropriately
  • Enable HTTPS and use encrypted communication
  • Log out and close the browser immediately after completing administrative operations

Vendor Status

Vendor Link
Sony Corporation Support for SNC-CX600W

Credit

The following people reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-62497
Reporter: Junnosuke Kushibiki, Ryota Honda, Akihito Takeuchi, Daichi Uezono, Ryu Kuki, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University
CVE-2025-64730
Reporter: Akihito Takeuchi, Daichi Uezono, Ryota Honda, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University

Other Information

  • CVE: CVE-2025-62497, CVE-2025-64730
  • JVN iPedia: JVNDB-2025-000109