← volver
CVE-2025-64385

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

CVSS 9.2 CRITICALEPSS 0.5%CWE-20
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H
Productos afectados
Circutor · TCPRS1plus

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cds.thalesgroup.com/es/s21sechttps://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./https://www.hackrtu.com/blog/cg-0day-en-003/