Critical Vulnerability Information Summary CVE ID: FDEU-CVE-2025-1c00 Affected Devices: Vodafone and Ardiso VFD300 routers utilizing Broadcom BCM6348 SoC. Vulnerability Types: Unencrypted firmware, hidden menu access, TFTP boot exploitation, firmware encryption key leakage, secure boot bypass. Technical Details Secondary Injection Vulnerability: Allows attackers to inject arbitrary commands via the serial console. Hidden Menu: Accessible through specific key combinations, without requiring a password. TFTP Boot Exploitation: Attackers can upload malicious firmware using the TFTP protocol. Firmware Encryption Key Leakage: Firmware encryption key is hardcoded within the firmware. Secure Boot Bypass: Attackers can bypass secure boot checks by modifying the firmware. Device Overview Hardware Specifications: Broadcom BCM6348 SoC, 128MB RAM, USB, HDMI, microSD slot, etc. Firmware: Based on Linux kernel, provided by Nexenta. Serial Console Connection Method: Connect using a USB-to-UART adapter to the UART interface on the motherboard. Hidden Menu Access Method: Entered via specific key combinations, no password required. Injection Secondary Injection: Attackers can inject arbitrary commands through the serial console. TFTP Boot Exploitation Exploitation Method: Upload malicious firmware via TFTP protocol. Chained Vulnerabilities Firmware Configuration: Attackers can bypass secure boot checks by modifying firmware configuration. Firmware Encryption Key Key Leakage: Firmware encryption key is hardcoded in the firmware. Secure Boot Bypass Bypass Method: Modify firmware to bypass secure boot checks. Other Vulnerable Models VFD300 Series: Includes variants with different CPU versions and memory sizes. Responsible Disclosure Timeline Discovery Date: January 1, 2022 Vendor Notification: January 10, 2022 Vendor Response: January 20, 2022 Public Disclosure: February 1, 2022