Circutor Tcprs1plus
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Circutor Tcprs1plus.
By the Year
In 2026 there have been 0 vulnerabilities in Circutor Tcprs1plus. Last year, in 2025 Tcprs1plus had 5 security vulnerabilities published. Right now, Tcprs1plus is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 0.00 |
It may take a day or so for new Tcprs1plus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Circutor Tcprs1plus Security Vulnerabilities
UDP Config Gain without Auth via MAC on IoT Device
CVE-2025-64385
- October 31, 2025
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturers software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
Improper Input Validation
Sensitive Info Leak: Clear Text Transmission in Device Web Server
CVE-2025-64389
- October 31, 2025
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
Cleartext Transmission of Sensitive Information
Apache HTTP Server DoS via crafted HTTP requests
CVE-2025-64388
- October 31, 2025
Denial of service of the web server through specific requests to this protocol
Resource Exhaustion
Clickjacking Vulnerability in Web App (CVE-2025-64387)
CVE-2025-64387
- October 31, 2025
The web application is vulnerable to a so-called clickjacking attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.
Clickjacking
JWT Session Hijacking via Token Reuse in IoT Web Server
CVE-2025-64386
- October 31, 2025
The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.
Insufficient Session Expiration
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Circutor Tcprs1plus or by Circutor? Click the Watch button to subscribe.
