CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

EUVD-2026-35453

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

EUVD-2026-35790

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

CVE-2026-0410 Insufficient input validation in certain NETGEAR routers

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...

PT-2026-48163

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

Kangda Xin DR300 安全漏洞

Kangda Xin DR300 is a wireless router produced by Kangda Xin Corporation. The Kangda Xin DR300 version 2.1.2.121 has a security vulnerability. This vulnerability stems from the inclusion of hardcoded login credentials, with telnet being enabled by default. It may allow attackers to read memory,...

CVE-2024-14034

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

CVE-2024-14034 Hirschmann HiEOS Authentication Bypass via HTTP Management Module

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

CVE-2024-14034

Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...

CVE-2024-14034

CVE-2024-14034 affects Hirschmann HiEOS devices, featuring an authentication bypass in the HTTP(S) management module. The root cause is improper authentication handling that allows unauthenticated remote attackers to gain administrative access. Impact per sources includes the ability to perform u...

PT-2026-29892

Name of the Vulnerable Software and Affected Versions Hirschmann HiEOS devices versions prior to 01.1.00 Description Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass in the HTTPS management module. Attackers can gain administrative access by sending specially...

jooan-ja-a52-root

Jooan JA-A52 A2RU Root Exploit Full root shell on the Joo...

CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

CVE-2025-43873

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

EUVD-2025-203904

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

CVE-2025-43873

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

CVE-2025-43873

Johnson Controls iSTAR Ultra/Ultra SE/Ultra LT (versions prior to 6.9.7.CU01) and Ultra G2/Edge G2 (prior to 6.9.3) are affected by an OS Command Injection vulnerability in the web application that could allow an attacker to modify firmware and gain full device control. Root cause: authenticated ...

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...

CVE-2025-43873 iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device...