MidnightBSD

Advisories for rvr

CVE-2025-63207

The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.

Products Affected

Vendor Product Version
rvr tex150lcd/s_firmware texl-000400
rvr tex300lcd_firmware texl-000400
rvr tex702lcd_firmware texl-000400
rvr tex1002lcd_firmware texl-000400
rvr tex30lcd/s_firmware texl-000400
rvr tex502lcd_firmware texl-000400
rvr tex2500lcd_firmware texl-000400
rvr tex50lcd/s_firmware texl-000400
rvr tex2000light_firmware texl-000400
rvr tex3500lcd_firmware texl-000400
rvr tex100lcd/s_firmware texl-000400
CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
rvr tlk302t_firmware 1.5.1799