CVE-2026-5818

The CVE-2026-5818 entry concerns the Caliptra Core Runtime Firmware and describes an incorrect return-value check in ActivateFirmwareCmd::activate_fw modules, which allows bypassing the Core’s verification of MCU firmware during a hitless update. Affected versions are Core Runtime Firmware 2.0.0 ...

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting

Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...

TOTOLINK A3002RU 1.0.8 - Information Disclosure

TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...

Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass

Zyxel NBG2105 V1.00AAGU.2C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access. id: CVE-2021-3297 info: name: Zyxel NBG2105 V1.00AAGU.2C0 - Authentication Bypass author: gy741 severity: high description: Zyxel NBG21...

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

TotoLink Router setMacFilterRules - Command Injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. id: CVE-2024-24328 info: name: TotoLink Router setMacFilterRules - Command Injection author: pussycat0x severity: critical description: |...

ZTE Cable Modem Web Shell

ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to webshellcmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author:...

Sony IPELA Engine IP Camera - Hardcoded Account

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in livecheck.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...

Wavlink WN-535G3 - Cross-Site Scripting

Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. id: CVE-2022-30489 info: name: Wavlink WN-535G3 - Cross-Site Scripting author: For3stCo1d severity: medium description: | Wavlink WN-535G3 contains a POST cross-site scripting...

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the livemfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. id:...

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...

TP-Link Archer C20 - Authentication Bypass

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

ASUS DSL-AC88U - Authentication Bypass

A vulnerability in the ASUS DSL-AC88U router permits unauthorized individuals to bypass authentication.When adding "/js/..%2f%2f" or "/images/..%2f%2e" to the requested URL, it will be recognized as passing the authentication.This vulnerability is part of a broader authentication bypass issue...