37 matches found
EUVD-2026-26379
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
Advantech SUSI Security Vulnerability
Advantech SUSI is a set of embedded system interface management tools from Advantech, Taiwan, China. A security vulnerability exists in Advantech SUSI 5.0.24335 and prior versions, which stems from improper access control and could lead to elevation of privilege and arbitrary code execution...
[SECURITY] [DLA 4320-1] u-boot security update
Debian LTS Advisory DLA-4320-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert October 01, 2025 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u2 CVE ID : CVE-2021-27097 CVE-2021-27138 Debian Bug : 983269 983270 Multiple vulnerabilities...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. Designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. A denial of service vulnerability exists in the Cesanta MJS mjsarraylength function,...
Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1725 Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability November 14, 2023 CVE Number CVE-2023-24585 SUMMARY An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafte...
The vulnerability of the ms_lib_process_bootblock() function in the drivers/usb/storage/ene_ub6250.c file of the ene_usb6250 driver for the ENE SD/MS embedded system in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ms_lib_process_bootblock() function in the drivers/usb/storage/ene_ub6250.c file of the ene_usb6250 driver for the ENE SD/MS embedded system in the Linux operating system is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow a...
CVE-2023-25185
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating syst...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...
NVIDIA Jetson Permissions, Privileges, and Access Control Vulnerability
NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. A permissions, privileges, and access control vulnerability exists in various pieces of NVIDIA Jetson software, which arises from unauthorized modification of camera resources. An attacker could exploit this...
CVE-2021-21552
Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the...
GE Grid Solutions UR Security Vulnerability
GE Grid Solutions UR is an embedded operating system from GE Grid Solutions, France. It provides high-performance protection, scalable I/O, integrated monitoring and metering, high-speed communications, and extensive programming and configuration capabilities. A security vulnerability exists in G...
Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine...
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4449)
Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
ALEOS Mismanagement of Privileges Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. ALEOS versions prior to 4.11.0, 4.9.4, and 4.4.9 contain a mismanagement of privileges vulnerability that can be exploited by an authenticated attacker to elevate privileges to root via a command she...
The vulnerability of the Ustream-SSL library in the embedded operating system OpenWrt allows an attacker to execute a type of attack known as a “man-in-the-middle” attack.
The vulnerability of the Ustream-SSL library in the embedded operating system OpenWrt is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...
Reverse Engineering the Tesla Firmware Update Process
TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...
The vulnerability of the embedded web-server microprogramming software for Moxa MGate models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 allows a hacker to gain full access to the system.
The vulnerability of the embedded web-server microprogramming software for Moxa MGate models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 lies in the lack of restrictions on excessive authentication attempts. Exploiting this vulnerability allows a malicious actor to gain full access to the...
Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25702)
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability by sending a reverse ARP response to an affected system to assign a unicast IPv...
The vulnerability of the microprogramming software of the Siklu EtherHaul radio relay station, related to the use of pre-installed account data, allows an intruder to gain access to the embedded operating system with administrator privileges.
The vulnerability of the microprogramming software of the Siklu EtherHaul radio relay station is related to the use of a pre-installed root account. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the embedded operating system with administrator...