Lucene search
K

170 matches found

Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.3 views

USBCoercer: A TinyUSB Based WPAD Coercion Device

USBCoercer turns an ESP32 development board with native USB-OTG into an Ethernet-over-USB gadget capable of coercing proxy configuration via WPAD. It builds on the TinyUSB Network Control Model NCM example and adds a minimalist DHCP server that injects DHCP option 252 WPAD/PAC and, additionally,...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/02 11:43 a.m.3 views

CVE-2025-57808

A vulnerability has been identified in ESPHome’s webserver component on the ESP-IDF platform where the HTTP basic authentication check AsyncWebServerRequest::authenticate can be bypassed. Due to incorrect comparison of the base64-encoded Authorization header value, authentication succeeds if the...

8.1CVSS6.8AI score0.01514EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/07/22 12:0 a.m.20 views

The vulnerability of the AES-XTS encryption algorithm implementation in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F allows a attacker to compromise the confidentiality of the protected information.

The vulnerability of the AES-XTS encryption algorithm implemented in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F is related to the number of surfaces that are vulnerable, with their quantitative measurement exceeding the desired maximum. Exploiting this vulnerability can allow attackers t...

4.2CVSS5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/09 8:23 p.m.9 views

CVE-2025-53540

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...

8.7CVSS8.8AI score0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/07 7:26 p.m.18 views

CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...

8.7CVSS8.3AI score0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/07 7:26 p.m.15 views

CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...

8.7CVSS0.00299EPSS
Exploits0References2
CVE
CVE
added 2025/07/07 7:26 p.m.27 views

CVE-2025-53540

The CVE-2025-53540 entry concerns arduino-esp32 (Arduino core for ESP32/variants). Several OTA update examples and the HTTPUpdateServer allow POST requests without CSRF protection, enabling an attacker to upload arbitrary firmware and achieve remote code execution (RCE). Affected versions are pri...

8.7CVSS8.1AI score0.00299EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.9 views

PT-2025-28253 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.2.1 Description: The issue affects several OTA update examples and the HTTPUpdateServer implementation in the arduino-esp32 core, allowing an attacker to upload and execute arbitrary firmware due to a lack of...

8.7CVSS8AI score0.00299EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.7 views

arduino-esp32 跨站请求伪造漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. A cross-site request forgery vulnerability exists in arduino-esp32 versions prior to 3.2.1, which stems from an update endpoint accepting a POST request without CSRF protection...

8.7CVSS7.5AI score0.00299EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/28 3:17 p.m.6 views

CVE-2025-53007

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3CVSS7.3AI score0.00396EPSS
Exploits0References1
NVD
NVD
added 2025/06/26 3:15 p.m.11 views

CVE-2025-53007

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3CVSS0.00396EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/26 2:45 p.m.4 views

CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3CVSS6.6AI score0.00396EPSS
Exploits0References4
CVE
CVE
added 2025/06/26 2:45 p.m.33 views

CVE-2025-53007

Arduino-ESP32 (Arduino core for ESP32) prior to 3.3.0-RC1 and 3.2.1 is affected by an HTTP Response Splitting vulnerability in WebServer.cpp: the sendHeader function accepts unvalidated header name/value, enabling CRLF injection to add headers or disrupt the HTTP response. Impact can include head...

9.3CVSS7.2AI score0.00396EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/26 2:45 p.m.10 views

CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3CVSS0.00396EPSS
Exploits0References4
OSV
OSV
added 2025/06/26 2:45 p.m.5 views

CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...

9.3CVSS6.9AI score0.00396EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

arduino-esp32 注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An injection vulnerability exists in arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1, which stems from an HTTP response splitting vulnerability in the sendHeader function...

9.3CVSS7.1AI score0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.4 views

PT-2025-26980 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1 Description: The issue concerns a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP head...

9.3CVSS7.5AI score0.00396EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.6 views

Autel MaxiCharger AC Wallbox Commercial 安全漏洞

Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from the bleprocessesp32msg function failing to properly validate the length size of input data, which can be...

8.8CVSS8.1AI score0.00326EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.5 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:35 p.m.8 views

CVE-2021-34173

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...

7.8CVSS6.6AI score0.01471EPSS
Exploits1References1
Rows per page
Query Builder