← Back
2025-10-31 14:19CVE-2025-64389S21sec
PUBLISHED5.2CWE-319

EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT

The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.

Problem type

Affected products

Circutor

TCPRS1plus

1.0.14 - AFFECTED

References

cds.thalesgroup.com

https://cds.thalesgroup.com/es/s21sec

circutor.com

https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./

product

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-64389",
    "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
    "assignerShortName": "S21sec",
    "dateUpdated": "2025-10-31T14:23:39.792Z",
    "dateReserved": "2025-10-31T13:13:35.299Z",
    "datePublished": "2025-10-31T14:19:48.833Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
        "shortName": "S21sec",
        "dateUpdated": "2025-10-31T14:23:39.792Z"
      },
      "title": "EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Circutor",
          "product": "TCPRS1plus",
          "defaultStatus": "unknown",
          "versions": [
            {
              "version": "1.0.14",
              "status": "affected",
              "versionType": "Firmware"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "cweId": "CWE-319",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://cds.thalesgroup.com/es/s21sec"
        },
        {
          "url": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The new version of the device will use the HTTPS protocol.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "The new version of the device will use the HTTPS protocol.\n\n<br>"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Víctor Bello Cuevas",
          "type": "finder"
        },
        {
          "lang": "en",
          "value": "Aarón Flecha Menéndez",
          "type": "finder"
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-64389