629 matches found
CVE-2021-30167
The manage users profile services of the network camera device allow authenticated remote attackers to modify URL parameters, amend user's information, and escalate privileges to control the devices...
CVE-2021-30168
The sensitive information of the webcam device is not properly protected. Remote attackers can, without authentication, obtain administrator credentials and further control the devices...
Information disclosure
The manage users profile services of the network camera device allow authenticated remote attackers to modify URL parameters, amend user's information, and escalate privileges to control the devices...
CVE-2021-30168
CVE-2021-30168 affects Merit Lilin ENT Co. IP cameras (P2/Z2/Z3). The root cause is an information-disclosure vulnerability that allows a remote attacker to improperly obtain or grant administrator credentials and take control of the device. Public reports describe sensitive data exposure and unaut...
CVE-2021-30167 MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication
The manage users profile services of the network camera device allow authenticated remote attackers to modify URL parameters, amend user's information, and escalate privileges to control the devices...
CVE-2021-0275
A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to that user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...
CVE-2021-0275 Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another user's session.
A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to that user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...
WhatsApp Pink is malware spreading through group chats
By Habiba Rashid. If installed, the fake and malicious WhatsApp Pink app takes full control of a targeted device. This is a post from HackRead.com.
CVE-2021-28685
AsIO264.sys and AsIO232.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process and to interact with MSR registers. This cou...
CVE-2020-35231
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...
CVE-2020-12527
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged-in user to shut down or reboot devices in his account without having corresponding permissions...
Advantech BB-ESWGP506-2SFP-T Trust Management Issue Vulnerability
The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...
QNAP Systems Helpdesk Access Control Error Vulnerability
QNAP Systems Helpdesk is a helpdesk application from China Wizlink Qnap Systems. An Access Control Error vulnerability exists in QNAP Systems Helpdesk versions prior to 3.0.3, which arises from improper access control and can be exploited by an attacker to gain control of a QNAP devi...
QNAP Systems Helpdesk Access Control Error Vulnerability (CNVD-2021-14803)
QNAP Systems Helpdesk is a helpdesk application from China Wizlink Qnap Systems. An Access Control Error vulnerability exists in QNAP Systems Inc. Helpdesk versions prior to 3.0.3, which arises from improper access control and can be exploited by an attacker to gain control of a QNAP...
CVE-2020-28998
Geeni GNC-CW013 doorbell (firmware 1.8.1) is affected by CVE-2020-28998 due to a Telnet service vulnerability in which a system account uses a default/static password, enabling remote full control by an unauthenticated attacker. The issue is confirmed across multiple sources; the core root cause ...
Siemens LOGO! 8 BM
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: LOGO! 8 BM. Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently...
VMware Carbon Black Cloud Adds Device Control
With most organizations now working remotely, the chances your employees may unintentionally use restricted devices and infect your network have grown exponentially. With this threat in mind, we’re happy to announce the release today of device control in the VMware Carbon Black Cloud. Although the...
CVE-2018-17932
CVE-2018-17932 affects JUUKO K-800 (JUUKO Industrial Radio Remote Control). Affected firmware versions prior to the ending formats …9A, …9B, …9C are vulnerable to a replay attack and command forgery (authentication bypass by capture-replay). This could allow attackers to replay commands, view com...
CVE-2018-17932
JUUKO K-800 firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc. are vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running...
CVE-2020-1664
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low-privileged local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17....