691 matches found
CVE-2020-12266
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...
CVE-2024-39278
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
Zenitel ICX500 and Zenitel ICX510 security vulnerability
The Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from an authenticated attacker being able to execute commands via the device's NTP configuration...
CVE-2013-7395
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)...
PT-2025-53360
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...
CVE-2025-61740
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...
EUVD-2025-204712
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...
Johnson Controls IQ series and Johnson Controls PowerG security vulnerability
The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc. The Johnson Controls IQ series is a series of intelligent security and automation control platforms. The Johnson Controls PowerG is a communications device. A security vulnerability exists...
CVE-2025-40898
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
EUVD-2025-204258
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
PT-2025-52222
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
Summary: A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact: An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...
CVE-2025-14432
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...
EUVD-2025-203769
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...
EUVD-2023-60194
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...
CVE-2023-53896
CVE-2023-53896 affects D-Link DAP-1325 firmware 1.01. The Red Hat/NVD/CVE entries describe a broken access control that allows unauthenticated retrieval of device configuration settings via /cgi-bin/ExportSettings.sh, enabling disclosure of sensitive configuration data. The issue is rooted in acc...
CVE-2025-14432
CVE-2025-14432 affects HP video conferencing products (HP TC8/TC10 noted in CNNVD) with a data-leakage issue where sensitive data could be written to log files when an admin uses Microsoft Teams Admin Center (TAC) to apply device configuration changes. The log file is restricted to admins but exp...