35 matches found
CVE-2025-23018
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling RFC 2473 do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...
EnBw SENEC Legacy Storage Box Exposed Interface
Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...
PT-2023-13541 · Lenovo · Lcfc Bios
Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models. This could allow a local attacker with elevated privileges to cause some peripherals to work...
Default credentials
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to...
GL.iNet devices 安全漏洞
GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an API endpoint displaying information about the Wi-Fi configuration, including the SSID and key...
Design/Logic Flaw
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
CVE-2021-34203
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 dir-2640-us, when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify...
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
Privilege escalation
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2018-14992
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...
CVE-2018-14992
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...
Design/Logic Flaw
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface...
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface...
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...