HiSecOS Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in HiSecOS version 04.0.01, allowing authenticated users to alter their access roles via XML-based NETCONF configuration. By sending specially crafted XML payloads to the /mops_data endpoint, users can elevate their privileges to administrative levels.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain administrative rights.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to the /mops_data endpoint with an XML payload that includes a specific role value. The payload must be crafted to modify the user's access role to 'admin'.
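Added example, not part of the original advisory or any vendor code: a detection sketch that scans request records for the pattern described above, a non-administrative session POSTing an XML body to /mops_data that sets a role-like element to 'admin'. The log format, the JSON field names (including session_role, assumed to be supplied by the logging proxy) and all XML element names in the sample are constructed assumptions, not the HiSecOS schema.

```python
import json
import xml.etree.ElementTree as ET

ENDPOINT = "/mops_data"  # endpoint named in the advisory

# Constructed records from a hypothetical body-logging proxy. The JSON field
# names and every XML element name below are assumptions, not HiSecOS schema.
SAMPLE_LOG = """\
{"ts":"2025-12-18T09:00:01Z","user":"operator1","session_role":"operator","method":"POST","path":"/mops_data","body":"<rpc xmlns='urn:example:constructed'><edit-config><user><name>operator1</name><accessRole>admin</accessRole></user></edit-config></rpc>"}
{"ts":"2025-12-18T09:02:10Z","user":"admin1","session_role":"admin","method":"POST","path":"/mops_data","body":"<rpc><edit-config><user><name>bob</name><accessRole>admin</accessRole></user></edit-config></rpc>"}
{"ts":"2025-12-18T09:03:44Z","user":"operator2","session_role":"operator","method":"POST","path":"/mops_data","body":"<rpc><edit-config><sysName>sw-01</sysName></edit-config></rpc>"}
{"ts":"2025-12-18T09:05:00Z","user":"guest1","session_role":"guest","method":"POST","path":"/mops_data","body":"<!DOCTYPE x [<!ENTITY a 'b'>]><rpc/>"}
{"ts":"2025-12-18T09:06:30Z","user":"operator1","session_role":"operator","method":"GET","path":"/index.html","body":""}
"""

def local(tag):
    """Strip an XML namespace so '{ns}role' and 'role' compare equal."""
    return tag.rsplit("}", 1)[-1].lower()

def role_writes(body):
    """Return (element, value) for every role-like element in an XML body."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declarations refused")  # avoid entity expansion
    root = ET.fromstring(body)
    return [(local(e.tag), (e.text or "").strip().lower())
            for e in root.iter() if "role" in local(e.tag)]

def detect(log_text):
    """Alert when a non-admin session POSTs an 'admin' role value to ENDPOINT."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if rec["method"] != "POST" or rec["path"].split("?")[0] != ENDPOINT:
            continue
        if rec["session_role"] == "admin":
            continue  # administrators may legitimately assign roles
        try:
            hits = [h for h in role_writes(rec["body"]) if h[1] == "admin"]
        except (ValueError, ET.ParseError) as exc:
            alerts.append((rec["ts"], rec["user"], f"unparseable body: {exc}"))
            continue
        alerts.extend((rec["ts"], rec["user"], f"<{t}> set to '{v}'") for t, v in hits)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Bodies that fail to parse are reported rather than dropped, so a malformed or DTD-bearing request to the endpoint still reaches an analyst.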

Added: Dec 17, 2025, 11:46 PM
Updated: Dec 17, 2025, 11:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.