Home

Description

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.

PUBLISHED Reserved 2025-10-31 | Published 2025-10-31 | Updated 2025-11-03 | Assigner S21sec




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Product status

Default status
unknown

1.0.14 (Firmware)
affected

Credits

Víctor Bello Cuevas finder

Aarón Flecha Menéndez finder

Iván Alonso Álvarez coordinator

References

circutor.com/...ion/conversores-y-pasarelas/product/D80010./ product

cds.thalesgroup.com/es/s21sec

www.hackrtu.com/blog/cg-0day-en-003/ technical-description

cve.org (CVE-2025-64387)

nvd.nist.gov (CVE-2025-64387)

Download JSON