630 matches found
CVE-2018-12260
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...
CVE-2018-14994
The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...
CVE-2018-10747
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary in the Diagnostics component using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...
CVE-2021-27169
An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account...
CVE-2021-22767
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276...
CVE-2016-10314
Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to read passwords via a direct request to the x.asp page...
CVE-2019-18832
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...
CVE-2019-20500
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...
CVE-2025-64091 Authenticated Remote Code Execution in the NTP-configuration
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...
CVE-2020-24577
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body...
CVE-2017-18718
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42...
CVE-2025-67070
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication MFA mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to th...
CVE-2019-25259
CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...
CVE-2019-12223
An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process...
Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host bsc1209554. CVE-2024-6505: heap-based buffer overflow in...
CVE-2022-50804
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery CSRF attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent...
CVE-2018-25155
Summary: CVE-2018-25155 affects Teradek Slice 7.3.15 with a cross-site request forgery vulnerability that lets an attacker change the administrator password without proper request validation. An attacker can lure a logged-in user to view a malicious page that auto-submits password-change requests...
CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...
CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...
CVE-2025-56098
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...