CVE-2025-63207

Name of the Vulnerable Software and Affected Versions R.V.R Elettronica TEX firmware TEXL-000400 and Web GUI TLAN-000400

Description The R.V.R Elettronica TEX product is affected by a broken access control issue. Improper authentication checks on the / Passwd.html API endpoint allow an attacker to send an unauthenticated POST request to modify the passwords for Admin, Operator, and User accounts, potentially leading to complete system compromise. Approximately 61 instances are reportedly exposed. The vulnerability allows attackers to reset all user passwords via a simple HTTP request.

Recommendations For firmware TEXL-000400 and Web GUI TLAN-000400, at the moment, there is no information about a newer version that contains a fix for this vulnerability.