CVE-2025-64385
9.2 Critical
Published:
Last updated:
Source: 50b5080a-775f-442e-83b5-926b5ca517b6
Deferred
Weakness (CWE)
CVSS Vector (v4.0)
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): None
- Integrity (Vulnerable): Low
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): Low
- Availability (Subsequent): High
Description
The equipment can initially be configured using the manufacturer's application, over Wi-Fi, through the web server, or with the manufacturer's software. Using the manufacturer's software, the device can be configured via UDP. Analysis of this communication shows that any aspect of the initial configuration can be changed by means of the device's MAC, without the need for authentication.
References
https://cds.thalesgroup.com/es/s21sec
https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
https://www.hackrtu.com/blog/cg-0day-en-003/