Primary

Context

ESPEC North America Web Controller JWT Secret Exposure Vulnerability

Vulnerability

A vulnerability exists in ESPEC North America Web Controller versions 3.0.0 prior to 3.3.4. When an invalid authentication request is made to the API, the response inadvertently includes the JWT secret. This exposure can be exploited to gain elevated permissions in the user interface by allowing the generation of valid JWTs without server involvement.

Impact

Exploitation of this vulnerability allows for unauthorized elevation of privileges within the application, potentially leading to unauthorized access or actions in the user interface.

Remediation

Users are advised to update the Web Controller firmware to version 3.3.4 or newer. After updating, all previously generated JWT tokens will be invalidated, requiring users to re-authenticate.

Added: Aug 14, 2025, 4:16 PM

Updated: Aug 14, 2025, 4:16 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESPEC North America Web Controller JWT Secret Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating