46 matches found
CVE-2026-10045 CVE-2026-10045
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by...
GL-iNet Comet 安全漏洞
GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability present in GL-iNet Comet, which stems from insufficient verification of the authenticity of uploaded firmware files. This vulnerability may allow intermediate...
CVE-2025-64305
The connected sources describe a vulnerability in Columbia Weather Systems MicroServer where portions of the system firmware are copied to an unencrypted external SD card on boot, exposing user and vendor secrets in plaintext. This exposure could enable an attacker on the local network with admin...
PT-2026-1845
Name of the Vulnerable Software and Affected Versions Columbia Weather Systems MicroServer affected versions not specified Description The MicroServer copies portions of the system firmware to an unencrypted external SD card during boot. This firmware includes user and vendor secrets in plaintext...
PT-2025-51097
ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...
EUVD-2025-202615
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-65829
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
CVE-2025-65829
The CVE concerns the ESP32 SoC used in Meatmeet basestation devices, where Secure Boot is absent. This breaks the chain of trust during the Application Startup Flow, allowing a physically proximate attacker to flash modified firmware and cause code execution at startup. The available connected do...
CVE-2025-59695
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board without Authentication. This is called F04...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
EUVD-2025-35894
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502
The CVE-2025-34502 entry affects Deck Mate 2 by lacking a verified secure-boot chain and runtime integrity validation for its controller and display modules. This allows a physically proximate attacker to modify or replace the bootloader, kernel, or filesystem, enabling persistent code execution ...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
EUVD-2022-33856
Malicious code in bioql PyPI...
EUVD-2023-57418
Malicious code in bioql PyPI...
EUVD-2025-19244
Malicious code in bioql PyPI...