CVE 9.2 CRITICAL

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES_CVE-2025-64385

October 31, 2025 invoker category_cve

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Description

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software.
Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

AI Analysis

Incorrect security validation in sending UDP frames allows configuration changes without authentication

Basic Information

ID CVE-2025-64385

Source S21sec

Published Oct 31, 2025 at 14:23

Affected Product

Vendor Circutor

Product TCPRS1plus

Version 1.0.14

Affected Versions Circutor TCPRS1plus 1.0.14

CWE Classification

CWE-20

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor Circutor

Product TCPRS1plus

Version 1.0.14

References

{
    "lastseen": "",
    "description": "The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer\u2019s software.\nUsing the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.",
    "published": "2025-10-31T14:23:06.442Z",
    "modified": "2025-10-31T14:23:06.442Z",
    "type": "cve",
    "title": "INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES",
    "source": "S21sec",
    "references": "https://cds.thalesgroup.com/es/s21sec\nhttps://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./",
    "id": "CVE-2025-64385",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Circutor TCPRS1plus 1.0.14",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCPRS1plus",
    "version": "1.0.14",
    "vendor": "Circutor",
    "ai_description": "Incorrect security validation in sending UDP frames allows configuration changes without authentication",
    "ai_severity": "Critical",
    "ai_vendor": "Circutor",
    "ai_product": "TCPRS1plus",
    "ai_version": "1.0.14",
    "ai_score": 9.2
}

💭 Join the Security Discussion ❌ Cancel Reply