Critical authentication bypass flaw reported in Dover ProGauge MagLink LX Consoles
Take action: If you have Dover Fueling Solutions ProGauge MagLink LX consoles, make sure they are isolated from the internet. Then immediately update to the latest firmware versions (4.20.3+ for LX 4/Plus models, 5.20.3+ for Ultimate models). Your consoles have a backdoor, and hackers will find it very fast.
Dover Fueling Solutions has addressed a critical security vulnerability in its ProGauge MagLink LX console systems.
The flaw, tracked as CVE-2025-5310 (CVSS score 9.2), is a missing authentication mechanism for critical functions within the ProGauge MagLink LX consoles. The device exposes an undocumented and unauthenticated Target Communication Framework (TCF) interface on a specific port, creating what security researchers describe as an undocumented backdoor that allows attackers to execute commands without any authentication requirements.
The exposed interface allows unauthorized actors to perform critical operations including creating, deleting, or modifying files on the system, which could escalate to remote code execution capabilities.
The vulnerability impacts multiple versions of Dover Fueling Solutions' ProGauge MagLink LX consoles:
- ProGauge MagLink LX 4 versions prior to 4.20.3,
- ProGauge MagLink LX Plus versions prior to 4.20.3,
- ProGauge MagLink LX Ultimate versions prior to 5.20.3.
Exploiting the flaw requires only basic connectivity and knowledge of the port. The exposed systems could serve as entry points for more sophisticated attacks, including ransomware deployment that could propagate through operational technology networks.
Dover Fueling Solutions has released updated firmware to address the flaw. Organizations operating MagLink LX 4 and MagLink LX Plus systems must upgrade to version 4.20.3 or later, while MagLink LX Ultimate users should update to version 5.20.3 or later. The firmware updates can be downloaded directly from the Dover Fueling Solutions website.
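An added example (not from Dover or the original advisory): a Python triage of an asset inventory against the fixed versions listed above, flagging consoles that are below the fix and sit on a non-internal address. The inventory records, field names, status labels and the assumption that "internal" means RFC 1918 space are constructed for illustration.

```python
import ipaddress

# Fixed firmware per model, from the advisory above.
FIXED = {"lx 4": (4, 20, 3), "lx plus": (4, 20, 3), "lx ultimate": (5, 20, 3)}
# Assumption: the site's internal address space is RFC 1918 only.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_version(text):
    """'4.20.3' -> (4, 20, 3); None when the string is not dotted-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '4.20' to (4, 20, 0)

def triage(asset):
    """Classify one inventory record: dict with 'model', 'firmware', 'ip'."""
    words = asset["model"].lower().split()
    model = " ".join(w for w in words if w not in ("progauge", "maglink"))
    fixed = FIXED.get(model)
    if fixed is None:
        return "unknown-model"
    version = parse_version(asset["firmware"])
    if version is None:
        return "verify-manually"  # e.g. pre-release suffixes; do not guess
    addr = ipaddress.ip_address(asset["ip"])
    public = not any(addr in net for net in INTERNAL)
    # Tuple comparison is numeric per field, so 4.3.10 < 4.20.3 (a string compare gets this wrong).
    if version >= fixed:
        return "patched-public-ip" if public else "patched"
    return "vulnerable-public-ip" if public else "vulnerable"

# Constructed sample inventory (private and documentation-range addresses).
INVENTORY = [
    {"site": "A", "model": "MagLink LX 4", "firmware": "4.3.10", "ip": "10.20.0.5"},
    {"site": "B", "model": "ProGauge MagLink LX Plus", "firmware": "4.20.3", "ip": "192.168.7.9"},
    {"site": "C", "model": "MagLink LX Ultimate", "firmware": "4.20.3", "ip": "203.0.113.10"},
    {"site": "D", "model": "MagLink LX Ultimate", "firmware": "5.20.3", "ip": "198.51.100.4"},
    {"site": "E", "model": "MagLink LX Plus", "firmware": "4.20.3-rc1", "ip": "10.20.0.6"},
]

def report(inventory):
    """Map site -> triage status."""
    return {a["site"]: triage(a) for a in inventory}

if __name__ == "__main__":
    for site, status in report(INVENTORY).items():
        print(site, status)
```

Consoles reported as `vulnerable-public-ip` need both actions from the advisory (isolate, then update); `patched-public-ip` units are on fixed firmware but still warrant a check of why they hold a routable address.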