#VU106006 Storing passwords in a recoverable format in CHOCO TEI WATCHER mini (IB-MCT001) - CVE-2025-24852


Vulnerability identifier: #VU106006

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24852

CWE-ID: CWE-257

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
CHOCO TEI WATCHER mini (IB-MCT001)
Hardware solutions / Firmware

Vendor: INABA DENKI SANGYO

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to storing passwords in a recoverable format. An attacker with physical access can obtain the product's login password.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

CHOCO TEI WATCHER mini (IB-MCT001): All versions

External links
https://jvn.jp/en/vu/JVNVU91154745/index.html
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in CHOCO TEI WATCHER mini