7.5
CVE-2025-63209
- EPSS 0.08%
- Veröffentlicht 19.11.2025 00:00:00
- Zuletzt bearbeitet 15.01.2026 22:04:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. The admin password is stored in plaintext under the <p05> XML tag, potentially leading to remote compromise of the transmitter system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elcaradio ≫ Star150 Firmware Version1.25
Elcaradio ≫ Bp1000 Firmware Version1.25
Elcaradio ≫ Star300 Firmware Version1.25
Elcaradio ≫ Star2000 Firmware Version1.25
Elcaradio ≫ Star1000 Firmware Version1.25
Elcaradio ≫ Star500 Firmware Version1.25
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.228 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.