PT-2025-47499 · Elca · Star2000+6
Published
2025-11-19
·
Updated
2025-11-20
·
CVE-2025-63209
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ELCA Star Transmitter Remote Control firmware version 1.25
Description
The ELCA Star Transmitter Remote Control firmware version 1.25 has an issue that allows unauthenticated attackers to retrieve admin credentials and system settings. This is possible through access to the
/setup.xml API endpoint, which is unprotected. The admin password is stored in plaintext within the <p05> XML tag, potentially enabling remote compromise of the transmitter system. The affected models include STAR150, BP1000, STAR300, STAR2000, STAR1000, and STAR500, and potentially other models.Recommendations
Firmware version 1.25 should be updated to a version that addresses this issue.
Restrict access to the
/setup.xml API endpoint.
Ensure that sensitive information, such as admin passwords, is not stored in plaintext.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bp1000
Elca Star Transmitter Remote Control
Star1000
Star150
Star2000
Star300
Star500