CVE-2025-63209

{"id": "CVE-2025-63209", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-11-19T18:15:49.067", "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63209_ELCA%20Star%20Transmitter%20Remote%20Control%20-%20Information%20Disclosure", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.elcaradio.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000, STAR1000, STAR500, and possibly other models, contains an information disclosure vulnerability allowing unauthenticated attackers to retrieve admin credentials and system settings via an unprotected /setup.xml endpoint. The admin password is stored in plaintext under the <p05> XML tag, potentially leading to remote compromise of the transmitter system."}], "lastModified": "2026-01-15T22:04:52.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:star150_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DCB1D49-BDE0-40E2-B4DA-F8EF2950C731"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:star150:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2C404AD-4AC7-43B7-A603-F2AB6010E275"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:bp1000_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CBA890D-8786-450E-B0D5-529D72DC119E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:bp1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97DAAC20-0678-422A-9543-8C8739DDC08F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:star300_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DCBF9FE-5E66-4302-AA53-8F7DFC97E65B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:star300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F73BF23-FBB1-4C30-B192-1AEE651CE351"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:star2000_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F0BEFB3-10A7-4FFB-861E-BE15BB5ABEAF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:star2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0400771-3687-45CA-B11B-79A535C1AC24"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:star1000_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255C19F1-72A1-4034-9942-464481115DF0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:star1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79C3C2FC-552E-497C-A780-91186FB64E1D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elcaradio:star500_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F28926EB-5265-45AE-9E26-E98134BDD70F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elcaradio:star500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E4259CA-BE44-4CE2-8CFB-5573BD613BB3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}