CVE-2025-64385

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

CVSS 9.2 CRITICALEPSS 0.5%CWE-20

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.2EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

31 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Produtos afetados

Circutor · TCPRS1plus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cds.thalesgroup.com/es/s21sec https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./https://www.hackrtu.com/blog/cg-0day-en-003/