CVE-2025-67112 - Vulnerability Details

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf
https://freedomfi.com/index.html
https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood

History

Thu, 19 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description		Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.
References		https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf https://freedomfi.com/index.html https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-19T00:00:00.000Z

Updated: 2026-03-19T17:28:26.472Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67112

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-19T18:16:15.450

Modified: 2026-03-19T18:16:15.450

Link: CVE-2025-67112

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object