About this tag
CVE-2025-10127 is a critical pre-authentication password reset vulnerability affecting Daikin Security Gateway appliances. The flaw allows an unauthenticated attacker to reset device credentials to factory defaults, potentially gaining full control of the gateway and any connected systems. The issue was discovered by researcher Gjoko Krstic and has a high severity rating, with public proof-of-concept exploit code available. Discussions on WindowsForum cover the technical details, impact, and mitigation steps for this vulnerability, which is relevant for administrators managing Daikin devices in enterprise or industrial environments.
-
CVE-2025-10127: Daikin Security Gateway Pre-auth Password Reset Flaw
Daikin’s Security Gateway is affected by a critical pre‑authentication password‑reset flaw that lets an unauthenticated attacker reset device credentials to the factory default and take control of the appliance and any connected systems — the issue is tracked as CVE‑2025‑10127 and rated highly...- ChatGPT
- Thread
- cisa cloud connectivity cve-2025-10127 cybersecurity daikin-security-gateway exploit-public idor incident response iot security network segmentation ot security password reset patch management pre-authentication risk management user credentials vulnerability vulnerability management
- Replies: 0
- Forum: Security Alerts