CVE-2023-32645

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

CVE-2023-32645

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

Yifan YF325 httpd debug credentials leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...

Mitsubishi Electric MELSEC WS Series Active Debug Code (CVE-2023-1618)

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by...

Sensormatic Electronics Illustra Pro Gen 4

1. EXECUTIVE SUMMARY ​CVSS v3 8.3 ​ATTENTION: Exploitable via adjacent network ​Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. ​Equipment: Illustra Pro Gen 4 ​Vulnerability: Active Debug Code 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an...

CVE-2023-1618

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and i...

CVE-2023-1618 Authentication Bypass Vulnerability in MELSEC WS Series Ethernet Interface Module

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and i...

Mitsubishi Electric MELSEC WS Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: WS0-GETH00200 Vulnerabilities: Active Debug Code 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-138-02...

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

PT-2023-18250 · Unknown · Activitymanagerservice

Name of the Vulnerable Software and Affected Versions: ActivityManagerService versions prior to SMR May-2023 Release 1 Description: The issue allows an attacker to utilize a debug function by setting the debug level, potentially exploiting the Active Debug Code vulnerability in...

CVE-2022-36348

Active debug code in some Intel R SPS firmware before version SPSE504.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

Privilege escalation

Active debug code in some Intel R SPS firmware before version SPSE504.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2022-36348

Active debug code in some Intel R SPS firmware before version SPSE504.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

Cross site request forgery (csrf)

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

PT-2023-13638 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A leftover debug code issue in the httpd shell.cgi functionality can be exploited by sending a specially-crafted HTTP request, potentially leading to remote code execution...

Siretta QUARTZ-GOLD 安全漏洞

Siretta QUARTZ-GOLD is a high-speed industrial router from Siretta. Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 contains a residual debug code vulnerability that can be exploited by attackers to cause remote code execution by sending specially crafted HTTP requests...

Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELFA SD/SQ series and F-series Robot Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1610 Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability January 26, 2023 CVE Number CVE-2022-38715 SUMMARY A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...

CVE-2023-22357

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the...