Metz-connect Ewio2-m Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Metz-connect Ewio2-m Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-41733 — CVSS 9.8 (critical): The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker…
CVE-2025-41734 — CVSS 9.8 (critical): An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVE-2025-41735 — CVSS 8.8 (high): A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVE-2025-41736 — CVSS 8.8 (high): A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename…
CVE-2025-41737 — CVSS 7.5 (high): Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.