Description
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
References (3)
Core 3
Core References
Various Sources product
https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
Various Sources technical-description
https://www.hackrtu.com/blog/cg-0day-en-003/
Various Sources
https://cds.thalesgroup.com/es/s21sec
Scores
CVSS v4
9.2
EPSS
0.0046
EPSS Percentile
36.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
Circutor/TCPRS1plus
1.0.14
Published
Oct 31, 2025
Tracked Since
Feb 18, 2026