CVE-2024-28008

CVE-2024-28008 affects NEC Aterm routers (multiple models listed, incl. WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, etc.). Root cause: Active Debug Code in the device allows an attacker to execute arbitrary OS commands via the internet. Impact: unauthenticated remote command execution with high r...

PT-2024-22204

Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

Yamaha wireless LAN access point devices vulnerable to active debug code

Overview Active debug code CWE-489 exists in wireless LAN access point devices provided by Yamaha Corporation. The debug function can be enabled by performing specific operations. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

CVE-2024-22366

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or...

CVE-2024-22366

The CVE affects Yamaha WLX-series wireless LAN access points (WLX222, WLX413, WLX212, WLX313, WLX202) with firmware versions released up to: WLX222 <24.00.03, WLX413 <22.00.05, WLX212 <21.00.12, WLX313 <18.00.12, WLX202

Yamaha WLX222 Security Vulnerability

The Yamaha WLX222 is a wireless LAN access point device from Yamaha Corporation Japan. A security vulnerability exists in the Yamaha WLX222 v.24.00.03 and earlier versions, which stems from an active debug code issue that can be exploited by an attacker to execute arbitrary operating system...

CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service...

CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service...

Code injection

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service...

CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service...

CVE-2023-44298

Dell PowerEdge platforms (16G Intel E5 BIOS) and Dell Precision BIOS, version 1.4.4, are affected by an active debug code security vulnerability. The issue could allow an unauthenticated physical attacker to cause information tampering, code execution, or denial of service. The root cause is rela...

CVE-2023-44297

Dell PowerEdge platforms with 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code in the BIOS. An unauthenticated, physical attacker could potentially exploit this to cause information disclosure, information tampering, code execution, or denial of service. The roo...

CVE-2023-44297

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial ...

PT-2023-29196 · Dell +1 · Dell Poweredge +2

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge platforms 16G Intel E5 BIOS version 1.4.4 Dell Precision BIOS version 1.4.4 Description: The issue concerns active debug code security vulnerability in the BIOS. An unauthenticated physical attacker could potentially exploit...

PT-2023-29197 · Dell · Dell Poweredge +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS version 1.4.4 Description: The issue concerns active debug code security vulnerability in the BIOS. An unauthenticated physical attacker could potentially exploit this, leadin...

Authentication flaw

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

CVE-2023-32645

CVE-2023-32645 describes a leftover debug code vulnerability in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108 . A specially crafted network request can lead to an authentication bypass with very high impact (CVSS v3.1: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9...