CVE-2026-50207

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

EUVD-2026-34219

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

PT-2026-46159

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

Exploit for CVE-2026-20980

Part 1: Arbitrary AT command execution CVE-2026-20980 Appl...

CVE-2017-18868

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

EUVD-2017-9959

Malware in sbrugna...

EUVD-2016-5038

Malware in sbrugna...

EUVD-2024-19719

Malicious code in bioql PyPI...

CVE-2025-5826

Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

CVE-2025-5826

Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability

Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

CVE-2025-5826

CVE-2025-5826 concerns Autel MaxiCharger AC Wallbox Commercial. The flaw is in the ble_process_esp32_msg function, arising from misinterpretation of input data. It allows network-adjacent attackers to inject arbitrary AT commands in the device context without authentication. Documented impact is ...

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability

This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bleprocessesp32msg functio...

PT-2025-18325 · Tesla · Tesla Model S

Name of the Vulnerable Software and Affected Versions: Tesla Model S versions affected versions not specified Description: This issue allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. The flaw exists within the parsing of responses from AT commands, resulting fr...

ROS-20240910-06

A vulnerability in the Zabbix universal monitoring system is related to improper code generation controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Zabbix universal monitoring system vulnerability is related to the ability to directly...

CVE-2024-22123

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbixserver will try to communicate with it as modem. As a result, log file will be broken with AT commands and...

CVE-2024-22122

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...

CVE-2024-22123

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbixserver will try to communicate with it as modem. As a result, log file will be broken with AT commands and...

CVE-2024-22123 Zabbix Arbitrary File Read

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbixserver will try to communicate with it as modem. As a result, log file will be broken with AT commands and...

CVE-2024-22123

CVE-2024-22123 affects Zabbix server on Linux where SMS media can point to a GSM modem file. The underlying issue is that Linux treats everything as a file, allowing an attacker to replace the modem file with another file (e.g., a log file). Zabbix server may then attempt to communicate with that...