9.8
CVE-2025-63207
- EPSS 0.22%
- Veröffentlicht 19.11.2025 00:00:00
- Zuletzt bearbeitet 15.01.2026 19:55:05
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rvr ≫ Tex30lcd/s Firmware Versiontexl-000400
Rvr ≫ Tex50lcd/s Firmware Versiontexl-000400
Rvr ≫ Tex100lcd/s Firmware Versiontexl-000400
Rvr ≫ Tex150lcd/s Firmware Versiontexl-000400
Rvr ≫ Tex300lcd Firmware Versiontexl-000400
Rvr ≫ Tex502lcd Firmware Versiontexl-000400
Rvr ≫ Tex702lcd Firmware Versiontexl-000400
Rvr ≫ Tex3500lcd Firmware Versiontexl-000400
Rvr ≫ Tex1002lcd Firmware Versiontexl-000400
Rvr ≫ Tex2000light Firmware Versiontexl-000400
Rvr ≫ Tex2500lcd Firmware Versiontexl-000400
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.444 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.