A critical authentication bypass vulnerability exists in specific models of The Newtec Celox UHD devices. This flaw allows an unauthenticated attacker, capable of intercepting network traffic, to forge a server response and gain full Superuser or Operator access to the system without providing valid credentials. Successful exploitation could lead to a complete compromise of the affected device, enabling data theft, service disruption, and unauthorized system modifications.

The vulnerability is an authentication bypass in the loginWithUserName function handled by the /celoxservice endpoint. An attacker positioned to perform a Man-in-the-Middle (MitM) attack can intercept the legitimate response from the server during an authentication attempt. The attacker can then modify the response body, injecting a forged success message that the client-side application improperly trusts, granting the attacker privileged access as a Superuser or Operator without requiring a valid password.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation results in a complete compromise of the affected device's confidentiality, integrity, and availability. An attacker with Superuser access can exfiltrate sensitive data, reconfigure or disable the device causing operational outages, install persistent backdoors, or use the compromised system as a pivot point to launch further attacks against the internal network. Given the critical function of such devices in media and broadcast environments, the potential for significant business disruption is extremely high.

Immediate Action: Immediately apply the security patches provided by the vendor to all affected Newtec Celox UHD devices. Prioritize patching externally-facing or critical systems. After patching, review access logs for any unauthorized or suspicious logins, particularly for Superuser or Operator accounts, that may have occurred prior to the update.

Proactive Monitoring:

• Monitor network traffic for anomalies related to the /celoxservice endpoint, specifically looking for malformed or unexpectedly large response bodies.
• Implement log monitoring and alerting for multiple failed login attempts followed by a successful login from the same source IP.
• Regularly audit privileged accounts (Superuser, Operator) for any unauthorized or unexpected activity and configuration changes.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

• Restrict network access to the device's management interface to a limited set of trusted IP addresses using firewalls or Access Control Lists (ACLs).
• Implement network segmentation to isolate the vulnerable devices from critical network segments and the public internet.
• Deploy a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) with rules to detect and block response manipulation attacks.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for a full system compromise, this vulnerability represents a severe risk to the organization. We strongly recommend that the vendor-supplied patches be applied to all affected Newtec Celox UHD devices as an immediate priority. While this CVE is not currently on the CISA KEV list, its high impact makes it a prime target for opportunistic and sophisticated attackers. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to mitigate the risk of a breach.