Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 13 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authentication Bypass in Garmin WDU WebSocket APIs Allows Unauthorized Remote Control | |
| Weaknesses | CWE-285 |
Wed, 13 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-13T19:56:22.255Z
Reserved: 2025-03-09T00:00:00.000Z
Link: CVE-2025-27853
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-13T21:16:41.463
Modified: 2026-05-13T21:16:41.463
Link: CVE-2025-27853
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-13T21:30:04Z