CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

A newly disclosed vulnerability in R.V.R Elettronica’s TEX broadcast hardware has been assigned CVE-2025-63207, scoring 9.8 Critical on the CVSS scale. Security researcher Mohamed Shahat has revealed that a fundamental authentication flaw allows attackers to reset all user passwords — including the administrator — through a single unauthenticated HTTP request.

According to the report, the issue stems from “improper authentication checks on the /_Passwd.html endpoint,” which allows anyone on the network to modify account credentials without logging in.

At the heart of the vulnerability is the / _Passwd.html endpoint, which fails to enforce any authentication mechanisms before processing password-change requests.

The report explains that: “An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.”

Because no login is required and the exploit complexity is extremely low, the attack can be executed using simple tools like curl, Burp Suite, or even a basic script.

The PoC demonstrates this simplicity:

curl -X POST "http://<target-ip>/_Passwd.html" \
     -d "PSW_User=new_User_password&PSW_Oper=new_Oper_password&PSW_Admin=new_admin_password"

As stated in the report, “The system accepts the request and updates the passwords without authentication.”

Once the attacker sets a new admin password, they can instantly log in and take total control of the device.

The R.V.R Elettronica TEX product running:

• Firmware: TEXL-000400
• Web GUI: TLAN-000400
• Configuration Table: TEX-3K5L-01

is confirmed vulnerable.

The flaw directly affects the Authentication & Authorization subsystem, described as: “Weak Access Control in /_Passwd.html.”

This enables:

• Password reset for Admin, Operator, and User roles
• Full device takeover
• Potential manipulation of broadcast configurations
• Access to network-connected systems depending on deployment context

Given that R.V.R Elettronica broadcast devices are commonly deployed in telecommunications, broadcast transmission, and industrial environments, unauthorized access could lead to significant operational disruption.

As of the report, no official firmware update has been released.

Administrators are urged to follow the recommended interim defenses:

• Restrict access to /_Passwd.html using firewall rules or web server configurations.
• Monitor logs for unauthorized password change requests.
• Manually secure admin credentials by periodically changing them.

Until a patch is available, isolating the management interface from untrusted networks is critical.

Related Posts:

• NB65 released 786.2GB data from the All-Russia State Television and Radio Broadcasting Company
• New Attack Vector: Misconfigured Jupyter Servers Targeted for Illegal Streaming
• Apple Secures Exclusive F1 Broadcasting Rights in the US Starting 2026; F1 TV Pro Included with Apple TV
• CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover