#VU105998 Use of Client-Side Authentication in CHOCO TEI WATCHER mini (IB-MCT001) - CVE-2025-24517


Vulnerability identifier: #VU105998

Vulnerability risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24517

CWE-ID: CWE-603

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CHOCO TEI WATCHER mini (IB-MCT001)
Hardware solutions / Firmware

Vendor: INABA DENKI SANGYO

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of client-side authentication. A remote attacker can obtain the product's login password without authentication.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

CHOCO TEI WATCHER mini (IB-MCT001): All versions

External links
https://jvn.jp/en/vu/JVNVU91154745/index.html
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in CHOCO TEI WATCHER mini