CVE-2025-13477
7.1 HIGHExposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operatio...
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-359, CWE-522
Description
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-26237 — A missing authorization vulnerability has been reported to affect QuMagie
- CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)
- CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the N... (6.5 MEDIUM)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)