Malicious Package

Overview deviceconfig is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-35773

Malicious code in deviceconfig npm...

Malicious code in deviceconfig (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 334658dd9323b980ee64b7dd16095cb07c51e894ce6d1dc121149bc9ebd3d89a Any computer that has this package installed or running should be considered...

MAL-2025-48563 Malicious code in deviceconfig (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 334658dd9323b980ee64b7dd16095cb07c51e894ce6d1dc121149bc9ebd3d89a Any computer that has this package installed or running should be considered...

PT-2024-27000 · Swissphone · Swissphone Dical-Red 4009

Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 devices affected versions not specified Description: An issue was discovered on Swissphone DiCal-RED 4009 devices, where an attacker with access to the file /etc/deviceconfig may recover the administrative device...

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...