A1 Security Vulnerabilities

CVE-2023-3103

Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a...

CVE-2023-3104

Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of...

CVE-2022-33322

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric.....

CVE-2021-42851

A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user...

CVE-2021-42849

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical...

CVE-2021-42848

An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking...

CVE-2021-42850

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network...

CVE-2021-42852

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the...

CVE-2019-12717

A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...

CVE-2019-12662

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

CVE-2017-5925

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking...

CVE-2017-5927

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking...

CVE-2017-5926

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking...