FOCUS MODE
EXTRACT IOC
Cyber Security News

CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns

Cyware
CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory regarding multiple critical vulnerabilities in the CHOCO TEI WATCHER mini manufactured by Inaba Denki Sangyo Co., Ltd. These vulnerabilities may allow attackers to exploit the device, compromising sensitive information and operational integrity in industrial environments. Mitigations have been suggested while permanent patches are in development.

Affected: Inaba Denki Sangyo Co., Ltd. – CHOCO TEI WATCHER mini (IB-MCT001)

Keypoints :

  • Four critical vulnerabilities identified with varying severity, impacting device security.
  • CVE-2025-24517 allows retrieval of login passwords due to reliance on client-side authentication.
  • Passwords are stored in a recoverable format (CVE-2025-24852) on microSD cards, accessible to anyone with physical access.
  • Weak password requirements (CVE-2025-25211) enable brute-force attacks for unauthorized access.
  • CVE-2025-26689 enables remote attackers to manipulate device data/settings without authentication.
  • No public exploitation has been reported, but risks to critical manufacturing operations are significant.
  • Temporary mitigations include restricted access and secure network practices until patches are available.

Source: https://securityonline.info/choco-tei-watcher-mini-devices-found-vulnerable-to-critical-remote-exploits-cisa-warns/

Tags: EXPLOIT, CVE, VULNERABILITY, PASSWORD