A critical flaw has been identified in the Welotec egOS WebGUI backend, tracked as CVE-2025-41702, which could allow unauthenticated attackers to gain full control of affected devices. The vulnerability carries a CVSS score of 9.8, underscoring its severity.
According to the advisory, “The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.”
The implications of this flaw are significant. With the ability to forge valid JSON Web Tokens (JWTs), an attacker can impersonate any user, including administrators. As the report notes, “Attackers can impersonate any user (including administrators), modify configuration, upload firmware, reboot the device, and access sensitive logs.”
This effectively gives adversaries the ability to manipulate critical configurations, disrupt device functionality, and gain access to sensitive operational data.
The vulnerability affects multiple egOS-powered Welotec devices, including the EG400Mk2, EG500Mk2, EG503L, EG503W, EG602, EG603 Mk2, EG802, and EG804 series. Both standard and Pro versions are impacted if running firmware prior to v1.7.7 or v1.8.2.
CERT@VDE recommends immediate mitigation steps to reduce exposure: “Temporarily disable the WebGUI or restrict network access to the WebGUI to trusted admin stations.”
For full remediation, Welotec has released patched firmware:
- v1.7.7
- v1.8.2
Administrators should update all impacted devices to one of these fixed versions as soon as possible.
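The root cause described above is a signing secret that is identical on every device and readable by an unprivileged local account. The following added example (not Welotec's code; the file path, `SECRET_LEN` and the weak value `changeme` are constructed for illustration) shows the hardened pattern a WebGUI backend should use instead: a per-device random HS256 secret created on first boot with owner-only permissions, plus an audit routine that flags the conditions that make a secret forgeable.

```python
import os
import secrets
import stat
import tempfile
from pathlib import Path

# 256-bit key: RFC 7518 requires an HS256 key at least as long as the hash output.
SECRET_LEN = 32  # hypothetical constant, not from the advisory


def load_or_create_secret(path: Path) -> bytes:
    """Return this device's JWT secret, generating it on first boot.

    The secret is random per device (no shared hard-coded value) and the
    file is created 0600 so only the service account can read it.
    """
    if path.exists():
        return path.read_bytes()
    key = secrets.token_bytes(SECRET_LEN)
    # O_EXCL: fail instead of reusing a file another local user pre-created.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return key


def audit_secret_file(path: Path, known_defaults: frozenset[bytes] = frozenset()) -> list[str]:
    """List the weaknesses of a stored JWT secret; an empty list means it passed."""
    findings = []
    mode = path.stat().st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("secret file is readable by group/other users")
    key = path.read_bytes()
    if len(key) < SECRET_LEN:
        findings.append(f"secret is {len(key)} bytes; HS256 needs at least {SECRET_LEN}")
    if key in known_defaults:
        findings.append("secret matches a known hard-coded/default value")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Constructed demo: a generated secret passes; a world-readable hard-coded one fails."""
    workdir = Path(tempfile.mkdtemp())
    good_path = workdir / "jwt.key"
    first = load_or_create_secret(good_path)
    assert first == load_or_create_secret(good_path)  # stable across service restarts
    bad_path = workdir / "hardcoded.key"
    bad_path.write_bytes(b"changeme")  # constructed weak value, not the real key
    bad_path.chmod(0o644)
    return audit_secret_file(good_path), audit_secret_file(bad_path, frozenset({b"changeme"}))
```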