CVE-2025-41222 in RUGGEDCOM i800
Summary
by MITRE • 07/08/2025
A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). Affected devices do not properly handle malformed TLS handshake messages. This could allow an attacker with network access to the webserver to cause a denial of service resulting in the web server and the device to crash.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/08/2025
This vulnerability affects a broad range of ruggedized networking equipment manufactured by RUGGEDCOM, spanning multiple product lines including i800, M2100, RMC30, RS400, RS900, RSG2100, and others. The flaw resides in the handling of TLS handshake messages, specifically when malformed or improperly structured handshake data is received by the device's web server component. This issue represents a classic denial of service vulnerability that can be exploited by remote attackers with network access to the affected devices. The vulnerability impacts all versions of the listed products, with the notable exception of certain models where the issue is mitigated in versions 5.10.0 and later. From a cybersecurity perspective, this vulnerability falls under the category of improper input validation, which is commonly categorized as CWE-20 - Improper Input Validation within the Common Weakness Enumeration framework. The attack surface is particularly concerning given the industrial and critical infrastructure deployment context of these ruggedized devices, which are often used in environments where network availability is paramount.
The technical exploitation of this vulnerability involves sending specially crafted TLS handshake messages that the device's web server cannot properly process. When the web server attempts to parse these malformed messages, it likely triggers an unhandled exception or memory corruption that results in a crash of the web server process. This crash subsequently causes the entire device to become unresponsive, effectively creating a denial of service condition that can persist until manual intervention or device reboot occurs. The impact extends beyond simple service disruption as these devices are typically deployed in mission-critical environments where availability is essential. The vulnerability's exploitation requires only network access to the device's web interface, making it particularly dangerous in environments where physical security is not properly enforced. According to the MITRE ATT&CK framework, this vulnerability maps to T1499.004 - Endpoint Denial of Service, which specifically addresses the exploitation of device vulnerabilities to cause service disruption.
The operational impact of this vulnerability is significant for organizations relying on RUGGEDCOM devices for their network infrastructure, especially in sectors such as utilities, transportation, manufacturing, and telecommunications. These devices often serve as critical network gateways, routers, or communication nodes that must maintain continuous availability to prevent cascading failures in larger network ecosystems. When exploited, the vulnerability can result in extended periods of service disruption that may not only affect local operations but could also impact connected systems and services. The widespread nature of affected models means that organizations with multiple RUGGEDCOM devices across their infrastructure face a substantial risk profile, as a single vulnerable device can serve as an entry point for broader network disruption. The vulnerability also presents challenges for incident response teams as the symptoms of exploitation manifest as device crashes rather than more easily identifiable network anomalies, potentially delaying detection and response times.
Mitigation strategies for this vulnerability should prioritize immediate remediation through firmware updates provided by RUGGEDCOM, particularly for versions prior to 5.10.0 where the issue remains unpatched. Organizations should implement network segmentation to limit access to device web interfaces and restrict administrative access to only authorized personnel. Network monitoring solutions should be configured to detect unusual patterns of web server traffic that might indicate exploitation attempts, including unusual TLS handshake sequences or repeated connection failures. Additional defensive measures include implementing network access controls to restrict web server access to trusted IP ranges and ensuring that devices are not exposed to untrusted networks. Security teams should also consider deploying intrusion detection systems that can identify malformed TLS traffic patterns that may indicate attempts to exploit this vulnerability. Organizations should conduct comprehensive inventories of all affected devices within their infrastructure and prioritize patching based on risk exposure and criticality of the affected systems. The vulnerability's nature as a denial of service issue also necessitates the implementation of redundant systems and failover mechanisms to ensure that the impact of device crashes does not cascade throughout the broader network infrastructure.