CVE-2025-63209 identifies a critical information disclosure vulnerability in the ELCA Star Transmitter Remote Control firmware version 1.25, affecting multiple models including STAR150, BP1000, STAR300, STAR2000, STAR1000, and STAR500. The vulnerability arises from an unprotected HTTP endpoint, /setup.xml, which exposes system configuration data without requiring authentication. Within this XML file, the admin password is stored in plaintext under the <p05> tag, enabling any unauthenticated attacker with network access to retrieve sensitive credentials. This flaw compromises the confidentiality of administrative credentials, which can be leveraged to gain unauthorized remote control over the transmitter devices. Such transmitters are often integral to broadcast and communication infrastructures, making them high-value targets. The absence of authentication and encryption on this endpoint significantly lowers the barrier to exploitation. Although no CVSS score has been assigned yet and no known exploits are reported, the vulnerability's characteristics suggest a high risk. The lack of patch information indicates that mitigation may currently rely on network-level controls and configuration changes until a firmware update is released. This vulnerability highlights poor security design in credential storage and endpoint protection within embedded firmware systems.

For European organizations, especially broadcasters, telecommunications providers, and critical infrastructure operators relying on ELCA Star Transmitter devices, this vulnerability poses a substantial risk. Unauthorized access to admin credentials can lead to full system compromise, allowing attackers to manipulate transmitter operations, disrupt broadcast services, or use the compromised devices as footholds for further network intrusion. The exposure of plaintext credentials increases the likelihood of credential theft and lateral movement within organizational networks. Disruption or manipulation of transmitter systems can have cascading effects on communication reliability, emergency services, and media dissemination. Given the strategic importance of communication infrastructure in Europe, exploitation could impact national security, public safety, and commercial operations. The vulnerability's ease of exploitation without authentication or user interaction exacerbates the threat, making it accessible to a wide range of attackers, including less sophisticated adversaries. The lack of known exploits currently provides a limited window for proactive defense, but the potential impact remains high.

1. Immediately restrict network access to the /setup.xml endpoint by implementing firewall rules or network segmentation to limit access only to trusted administrative hosts. 2. Disable or restrict HTTP access to the transmitter's management interface if possible, or enforce access via secure management channels such as VPNs or dedicated management networks. 3. Monitor network traffic for unusual requests targeting /setup.xml or other configuration endpoints to detect potential reconnaissance or exploitation attempts. 4. Engage with ELCA or authorized vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 5. If firmware updates are not yet available, consider temporary compensating controls such as deploying web application firewalls (WAFs) or reverse proxies to filter and block unauthorized requests. 6. Change default or known administrative passwords on all affected devices and ensure passwords are strong and unique. 7. Conduct regular security audits and penetration testing on transmitter systems to identify and remediate other potential vulnerabilities. 8. Educate operational staff about the risks and signs of compromise related to these devices to enhance incident detection and response.