Lucene search
K

43 matches found

CVE
CVE
added 2026/05/02 9:30 a.m.16 views

CVE-2026-7611

TRENDnet TEW-821DAP firmware versions prior to 1.12B01 are affected. The issue lies in the Firmware Update Handler, specifically the cameo_dev.sh file’s platform_do_upgrade_cameo_dev() function, where data authenticity is not sufficiently verified. This allows remote manipulation of the update pr...

8.1CVSS5.1AI score0.00234EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.15 views

PT-2026-36602

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description An issue exists in the Firmware Update component within the '/www/cgi/ssi' file. This flaw allows for the remote cleartext transmission of sensitive information. The attack is characterized by hi...

6.3CVSS5.8AI score0.00319EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.3 views

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

6.8CVSS5.9AI score0.00117EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 5:16 p.m.2 views

CVE-2026-30603

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

6.8CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 12:0 a.m.11 views

CVE-2026-30603

CVE-2026-30603 concerns the firmware update mechanism of the Qianniao QN-L23PA0904 (version v20250721.1640). The available documents state that an attacker can achieve root access, install backdoors, and exfiltrate data by providing a crafted iu.sh script via an SD card. The connected sources do ...

6.8CVSS5.9AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29803

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...

5.9AI score0.00117EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Qianniao QN-L23PA0904 安全漏洞

Qianniao QN-L23PA0904 is a laptop power adapter produced by Qianniao Corporation. The version v20250721.1640 of Qianniao QN-L23PA0904 contains a security vulnerability. This vulnerability stems from issues with the firmware update mechanism. Attackers can obtain root access, install backdoors, an...

6.8CVSS5.8AI score0.00117EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/25 12:0 a.m.5 views

Nous W3 安全漏洞

Nous W3 is a webcam from the Polish company Nous. A security vulnerability exists in Nous W3 version 1.33.50.82, which stems from a flaw in the firmware update mechanism that allows an attacker in physical proximity to elevate privileges to root via a specially crafted update.tar archive file...

6.8CVSS6.4AI score0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 12:0 a.m.8 views

CVE-2025-56438

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34369

Malicious code in bioql PyPI...

6.5CVSS4.1AI score0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23687

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.009EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23683

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00668EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 1:22 p.m.12 views

CVE-2025-31355

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 1:9 p.m.25 views

CVE-2025-31355

CVE-2025-31355 affects the Tenda AC6 V5.0 (V02.03.01.110) firmware. Talos reports a firmware update vulnerability in the Firmware Signature Validation function that allows an attacker to flash a malicious upgrade file, potentially executing arbitrary code. The analysis shows the device validates ...

9.8CVSS7.8AI score0.0028EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/08 1:24 a.m.5 views

CVE-2025-8640

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

6.8CVSS6.9AI score0.00929EPSS
Exploits0References1
OSV
OSV
added 2025/08/06 2:15 a.m.6 views

CVE-2025-8655

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...

6.8CVSS6.3AI score0.00668EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 2:15 a.m.7 views

CVE-2025-8644

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

6.8CVSS0.009EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/06 1:17 a.m.4 views

CVE-2025-8630 Kenwood DMX958XR Firmware Update Command Injection Vulnerability

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

6.8CVSS6.9AI score0.0094EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/08/05 12:0 a.m.8 views

(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of...

6.8CVSS6.8AI score0.00668EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/08/05 12:0 a.m.8 views

(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of...

6.8CVSS6.8AI score0.0094EPSS
Exploits0
Rows per page
Query Builder