PT-2025-13527 · Unknown · Satech Bcu

Aarón Flecha · Published 2025-03-28 · Updated 2025-03-28 · CVE-2025-2864

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

SaTECH BCU version 2.1.3

Description

The issue allows an attacker to inject malicious code into the legitimate website owning the affected device once the cookie is set. This is a reflected XSS attack and only impacts the victim's browser.

Recommendations

For SaTECH BCU version 2.1.3, consider updating the firmware to a version that addresses this issue. However, at the moment there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to sensitive features that may be exploited through the reflected XSS attack.

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-2864

Affected Products

Satech Bcu