← voltar
CVE-2025-64385

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

CVSS 9.2 CRITICALEPSS 0.5%CWE-20
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H
Produtos afetados
Circutor · TCPRS1plus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cds.thalesgroup.com/es/s21sechttps://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./https://www.hackrtu.com/blog/cg-0day-en-003/