164 matches found

NVD
added 2026/04/02 8:16 p.m., 0 views

CVE-2024-14034

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

9.8 CVSS, 0.00012 EPSS
Exploits 0, References 2

CVE
added 2026/04/02 8:01 p.m., 4 views

CVE-2024-14034

CVE-2024-14034 affects Hirschmann HiEOS devices, featuring an authentication bypass in the HTTP(S) management module. The root cause is improper authentication handling that allows unauthenticated remote attackers to gain administrative access. Impact per sources includes the ability to perform u...

9.8 CVSS, 6 AI score, 0.00012 EPSS
Exploits 0, References 2

Vulnrichment
added 2026/04/02 8:01 p.m., 0 views

CVE-2024-14034 Hirschmann HiEOS Authentication Bypass via HTTP Management Module

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

9.8 CVSS, 6 AI score, 0.00012 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/04/02 8:01 p.m., 0 views

CVE-2024-14034

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

9.8 CVSS, 6 AI score, 0.00012 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/04/02 12:00 a.m., 1 view

PT-2026-29892

Name of the Vulnerable Software and Affected Versions: Hirschmann HiEOS devices versions prior to 01.1.00. Description: Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTPS management module. Attackers can gain administrative access by sending specially...

9.8 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 6

GithubExploit
added 2026/03/12 3:29 p.m., 98 views

jooan-ja-a52-root

Jooan JA-A52 A2RU Root Exploit: Full root shell on the Joo...

5.8 AI score
Exploits 0

Vulnrichment
added 2026/01/07 8:02 p.m., 2 views

CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

7.1 CVSS, 6.7 AI score, 0.00012 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/12/18 4:35 p.m., 1 view

CVE-2025-43873

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 7.1 AI score, 0.00054 EPSS
Exploits 0, References 1

EUVD
added 2025/12/17 6:31 p.m., 1 view

EUVD-2025-203904

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 6.6 AI score, 0.00054 EPSS
Exploits 0, References 3

NVD
added 2025/12/17 4:16 p.m., 2 views

CVE-2025-43873

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 0.00054 EPSS
Exploits 0, References 2

CVE
added 2025/12/17 3:53 p.m., 8 views

CVE-2025-43873

Johnson Controls iSTAR Ultra/Ultra SE/Ultra LT (versions prior to 6.9.7.CU01) and Ultra G2/Edge G2 (prior to 6.9.3) are affected by an OS Command Injection vulnerability in the web application that could allow an attacker to modify firmware and gain full device control. Root cause: authenticated ...

8.7 CVSS, 6.7 AI score, 0.00054 EPSS
Exploits 0, References 2

Cvelist
added 2025/12/17 3:53 p.m., 21 views

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 0.00054 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/12/17 3:53 p.m., 3 views

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 6.7 AI score, 0.00054 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/12/17 12:00 a.m., 1 view

PT-2025-51838

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

8.7 CVSS, 7.1 AI score, 0.00054 EPSS
Exploits 0, References 3

CNNVD
added 2025/12/17 12:00 a.m., 1 view

Johnson Controls iSTAR series security vulnerability

The Johnson Controls iSTAR series is a line of access control devices from Johnson Controls USA. A security vulnerability exists in the Johnson Controls iSTAR series that originates from an attacker being able to modify the firmware, potentially resulting in full access to the device. The followi...

8.7 CVSS, 6.5 AI score, 0.00054 EPSS
Exploits 0, References 2

ICS
added 2025/12/11 7:00 a.m., 2 views

Johnson Controls iSTAR Ultra

RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

7.2 AI score
Exploits 0, References 11

NVD
added 2025/12/10 9:16 p.m., 1 view

CVE-2025-65829

The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...

6.8 CVSS, 0.00035 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/12/03 5:01 p.m., 2 views

CVE-2025-59694

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the insecurely configured appliance boot process. To exploit this, the attacker must modify the...

6.8 CVSS, 6.8 AI score, 0.00041 EPSS
Exploits 1, References 1

EUVD
added 2025/12/02 3:30 p.m., 1 view

EUVD-2025-200260

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the insecurely configured appliance boot process. To exploit this, the attacker must modify the...

6.4 AI score, 0.00041 EPSS
Exploits 1, References 3

NVD
added 2025/12/02 3:15 p.m., 3 views

CVE-2025-59695

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board without Authentication. This is called F04...

9.8 CVSS, 0.00142 EPSS
Exploits 1, References 2