
78 matches found

EUVD
added 2026/06/22 5:53 p.m. | 7 views

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVSS 8.7 | AI score 5.9 | EPSS 0.00409
Exploits 1 | References 7

Cvelist
added 2026/06/22 5:53 p.m. | 31 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

CVSS 8.7 | EPSS 0.00409
Exploits 1 | References 8

CVE
added 2026/06/22 5:53 p.m. | 16 views

CVE-2026-11834

CVE-2026-11834 describes a command-injection vulnerability in the DHCP option processing logic of multiple TP-Link routers, caused by insufficient validation of externally supplied DHCP option data. An adjacent attacker can exploit this by sending crafted DHCP responses, potentially during device...

CVSS 8.7 | AI score 5.9 | EPSS 0.00409
Exploits 1 | References 8

Positive Technologies
added 2026/06/22 12:0 a.m. | 10 views

PT-2026-51371

Name of the Vulnerable Software and Affected Versions: TP-Link routers (affected versions not specified). Description: Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

CVSS 8.7 | AI score 6.2 | EPSS 0.00409
Exploits 1 | References 13

RedhatCVE
added 2026/06/05 7:20 p.m. | 9 views

CVE-2026-32965

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

CVSS 8.7 | AI score 7.1 | EPSS 0.00346
Exploits 0 | References 1

NVD
added 2026/04/20 4:16 a.m. | 3 views

CVE-2026-32965

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

CVSS 8.7 | EPSS 0.00346
Exploits 0 | References 3

Vulnrichment
added 2026/04/20 3:17 a.m. | 3 views

CVE-2026-32965

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 3

Cvelist
added 2026/04/20 3:17 a.m. | 29 views

CVE-2026-32965

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

CVSS 8.7 | EPSS 0.00346
Exploits 0 | References 3

CVE
added 2026/04/20 3:17 a.m. | 12 views

CVE-2026-32965

CVE-2026-32965 affects silex technology SD-330AC and AMC Manager. The vulnerability arises from initializing a resource with an insecure default configuration, allowing a device on factory-default settings to be configured with a null string password upon network connection. This has potential im...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 7 views

PT-2026-33703

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

CVSS 8.7 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 4

RedhatCVE
added 2026/03/26 3:4 p.m. | 6 views

CVE-2026-3611

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVSS 10 | AI score 5.9 | EPSS 0.05585
Exploits 1 | References 1

CVE
added 2026/03/12 8:6 p.m. | 35 views

CVE-2026-3611

The CVE-2026-3611 entry describes unauthenticated access to the Honeywell IQ4x BMS controller web UI in factory-default configurations. Affected devices expose the full HMI via HTTP without requiring authentication when no user module is configured, leaving the system running under a System Guest...

CVSS 10 | AI score 5.8 | EPSS 0.05585
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/03/12 8:6 p.m. | 3 views

CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVSS 10 | AI score 5.9 | EPSS 0.05585
Exploits 1 | References 3

Zero Science Lab
added 2026/03/02 12:0 a.m. | 223 views

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout

Summary: The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...

CVSS 10 | AI score 5.7 | EPSS 0.05585
Exploits 1

Packet Storm
added 2026/03/02 12:0 a.m. | 144 views

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

AI score 5.9
Exploits 0

RedhatCVE
added 2026/01/09 9:57 a.m. | 7 views

CVE-2020-12734

DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings...

CVSS 8.1 | AI score 7 | EPSS 0.00941
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:55 a.m. | 7 views

CVE-2020-12047

The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24, when used with a Baxter Spectrum v8.x model 35700BAX2 in a factory-default wireless configuration enables an FTP service with hard-coded credentials...

CVSS 9.8 | AI score 6.9 | EPSS 0.01662
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-1336

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01951
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-45180

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.5 | EPSS 0.00556
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 14 views

EUVD-2025-10434

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.4 | EPSS 0.00201
Exploits 0 | References 1