CVE-2025-26689 is a critical vulnerability affecting Inaba Denki Sangyo CHOCO TEI WATCHER mini (IB-MCT001). According to the CISA CSAF advisory, a remote attacker can send a specially crafted HTTP request and may be able to obtain or delete product data and/or alter product settings. The advisory maps to a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which is consistent with the published 9.8 c [truncated]
CRITICALInaba Denki Sangyo Co., Ltd.CVE published 2025-03-25
CVE-2025-25211 affects Inaba Denki Sangyo Co., Ltd. CHOCO TEI WATCHER mini (IB-MCT001). The advisory states that the product has a weak password requirement vulnerability that may allow an attacker to perform brute-force attacks, potentially resulting in unauthorized access and login. CISA published the CSAF advisory ICSA-25-084-04 on 2025-03-25, and the affected product listing covers vers:all/* for the [truncated]
MEDIUMInaba Denki Sangyo Co., Ltd.CVE published 2025-03-25
CVE-2025-24852 describes a credential exposure issue in Inaba Denki Sangyo CHOCO TEI WATCHER mini (IB-MCT001). According to the advisory, an attacker who can access the device's microSD card may obtain the product's login password. The supplied remediation focuses on restricting physical/media access and limiting network exposure, rather than on a software patch.
HIGHInaba Denki Sangyo Co., Ltd.CVE published 2025-03-25
CVE-2025-24517 affects Inaba Denki Sangyo CHOCO TEI WATCHER mini (IB-MCT001) and was publicly disclosed by CISA on 2025-03-25. The advisory says the product has a client-side authentication vulnerability that may allow an attacker to obtain the login password without authentication. The issue is rated CVSS 7.5/High and the affected scope is listed as all versions in the supplied CSAF record.
