Home

Description

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

PUBLISHED Reserved 2025-10-31 | Published 2025-10-31 | Updated 2025-11-03 | Assigner S21sec




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unknown

1.0.14
affected

Credits

Víctor Bello Cuevas finder

Aarón Flecha Menéndez finder

Iván Alonso Álvarez coordinator

References

cds.thalesgroup.com/es/s21sec

circutor.com/...ion/conversores-y-pasarelas/product/D80010./ product

www.hackrtu.com/blog/cg-0day-en-003/ technical-description

cve.org (CVE-2025-64385)

nvd.nist.gov (CVE-2025-64385)

Download JSON