624 matches found
Ruijie RG-ES Series Security Vulnerability
Ruijie RG-ES Series is a series of switches from Ruijie China. A security vulnerability exists in Ruijie RG-ES Series ESW1.01B1P39 version, which stems from a complete bypass of the authentication mechanism and could lead to device control...
The vulnerability in the built-in web server boa (/server/boa.conf) of the TRENDnet TV-IP110WN IP camera software allows an intruder to escalate their privileges and gain full control over the device.
The vulnerability of the built-in web server boa (/server/boa.conf) of the TRENDnet TV-IP110WN IP camera software is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges and gain full control over the device...
CVE-2025-7768
Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...
Linux Distros Unpatched Vulnerability : CVE-2021-47605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl(). The config.offset comes from the user. There...
CVE-2025-7768 Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...
CVE-2025-7768
CVE-2025-7768 affects Tigo Energy Cloud Connect Advanced (CCA). The root cause is hard-coded credentials that grant unauthorized administrative access, enabling privilege escalation and full device control, with potential to modify settings, disrupt solar energy production, and interfere with saf...
CVE-2025-7768 Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...
CVE-2025-3705
A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive...
CVE-2025-3705
CVE-2025-3705 describes an OS Command Injection vulnerability: loading a config file from a USB drive allows a physical attacker with no privileges to execute commands and gain full control of the affected device. Documents identify Frauscher Sensortechnik products (e.g., FDS101, FDS102, FDS-SNMP...
CVE-2025-3705 OS Command Injection via USB Config Load
A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive...
CVE-2025-3626 OS Command Injection via Config Upload in WebUI
A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI...
CVE-2025-3626 OS Command Injection via Config Upload in WebUI
A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI...
CVE-2025-27026
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...
CVE-2025-27026
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...
CVE-2025-27026
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...
CVE-2025-27026
CVE-2025-27026 affects Infinera G42 version R6.1.3. A missing double‑check feature in the WebGUI CLI deactivation allows an authenticated administrator to disable multiple management interfaces across local and network access. The WebGUI‑driven CLI deactivation not only stops the CLI but also dea...
CVE-2025-27026 Improper Access Control Granularity impacting Infinera G42
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...
The vulnerability of the websGetVar function in the /goform/set_blacklist file of the LB-LINK router software allows an attacker to gain full control over the device.
The vulnerability of the websGetVar function in the /goform/set_blacklist file of the LB-LINK router firmware exists due to the lack of measures to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow a remote attacker to gain ful...
The vulnerability of the websGetVar function in the /goform/set_manpwd file of the LB-LINK firmware allows a hacker to gain full control over the device.
The vulnerability of the websGetVar function in the /goform/set_manpwd file of the LB-LINK firmware exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow a malicious actor, operating...
UBUNTU-CVE-2025-38053
In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpf_features_check. idpf_features_check is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the...