7637 matches found
CVE-2025-55810
A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...
CVE-2025-55810
A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...
PT-2025-46892
🚨 CVE-2025-55810 A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card. 🎖@cveNotify...
CVE-2025-55810
CVE-2025-55810 affects the Alaga Home Security WiFi Camera 3K, model S-CW2503C-H, with hardware version V03 and firmware 1.4.2. The documented vulnerability allows a physical attacker to execute commands as root by placing a script file with a specific name on an SD card inserted into the device....
Alaga Home Security WiFi Camera 安全漏洞
Alaga Home Security WiFi Camera is a series of home webcams from Alaga USA. A security vulnerability exists in Alaga Home Security WiFi Camera that originates from a physical attacker being able to execute root commands via a specifically named SD card script file...
CVE-2016-15055
JVC VN-T IP-camera models firmware versions up to 2016-08-22 confirmed on the VN-T216VPRU model contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary...
CVE-2016-15055
CVE-2016-15055 affects JVC VN-T IP-camera models with firmware up to 2016-08-22 (confirmed on VN-T216VPRU). The vulnerability is a directory traversal in the /checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this to read arbitrary fi...
CVE-2016-15055 JVC VN-T IP-Camera Directory Traversal via check.cgi
JVC VN-T IP-camera models firmware versions up to 2016-08-22 confirmed on the VN-T216VPRU model contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary...
CVE-2025-40156 PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe The drv-sramreg pointer could be set to ERRPTR-EPROBEDEFER which would lead to a error pointer dereference. Use ISERRORNULL to check that the pointer is vali...
PT-2025-46726
JVC VN-T IP-camera models firmware versions up to 2016-08-22 confirmed on the VN-T216VPRU model contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary...
JVC VN-T216VPRU 安全漏洞
The JVC VN-T216VPRU is a camera from JVC USA. A security vulnerability exists in the JVC VN-T216VPRU that stems from a directory traversal issue in the checkcgi endpoint, which could lead to reading arbitrary files on the device...
PT-2025-46303
Name of the Vulnerable Software and Affected Versions Axis affected versions not specified Description An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This issue is exploitable if the Axis device is configured to allow the installatio...
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
Fantasy Hub is spyware for rent—complete with fake app kits and support
Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...
CVE-2025-63296
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
CVE-2025-12636
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...
CVE-2025-12636 Ubia Ubox
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...
CVE-2025-12636 Ubia Ubox
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...
CVE-2025-12636
The CVE-2025-12636 affects Ubia/NVR Ubia camera ecosystem (notably Ubia Ubox). Root cause: insufficient protection of API credentials, enabling an attacker to connect to backend services. Impact (per sources): unauthorized access to cameras, allowing viewing live feeds and potential modification ...