43 matches found
CVE-2026-7611
TRENDnet TEW-821DAP firmware versions prior to 1.12B01 are affected. The issue lies in the Firmware Update Handler, specifically the cameo_dev.sh file’s platform_do_upgrade_cameo_dev() function, where data authenticity is not sufficiently verified. This allows remote manipulation of the update pr...
PT-2026-36602
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description An issue exists in the Firmware Update component within the '/www/cgi/ssi' file. This flaw allows for the remote cleartext transmission of sensitive information. The attack is characterized by hi...
CVE-2026-30603
An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...
CVE-2026-30603
An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...
CVE-2026-30603
CVE-2026-30603 concerns the firmware update mechanism of the Qianniao QN-L23PA0904 (version v20250721.1640). The available documents state that an attacker can achieve root access, install backdoors, and exfiltrate data by providing a crafted iu.sh script via an SD card. The connected sources do ...
PT-2026-29803
An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card...
Qianniao QN-L23PA0904 安全漏洞
Qianniao QN-L23PA0904 is a laptop power adapter produced by Qianniao Corporation. The version v20250721.1640 of Qianniao QN-L23PA0904 contains a security vulnerability. This vulnerability stems from issues with the firmware update mechanism. Attackers can obtain root access, install backdoors, an...
Nous W3 安全漏洞
Nous W3 is a webcam from the Polish company Nous. A security vulnerability exists in Nous W3 version 1.33.50.82, which stems from a flaw in the firmware update mechanism that allows an attacker in physical proximity to elevate privileges to root via a specially crafted update.tar archive file...
CVE-2025-56438
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...
EUVD-2024-34369
Malicious code in bioql PyPI...
EUVD-2025-23687
Malicious code in bioql PyPI...
EUVD-2025-23683
Malicious code in bioql PyPI...
CVE-2025-31355
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2025-31355
CVE-2025-31355 affects the Tenda AC6 V5.0 (V02.03.01.110) firmware. Talos reports a firmware update vulnerability in the Firmware Signature Validation function that allows an attacker to flash a malicious upgrade file, potentially executing arbitrary code. The analysis shows the device validates ...
CVE-2025-8640
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2025-8655
Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
CVE-2025-8644
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2025-8630 Kenwood DMX958XR Firmware Update Command Injection Vulnerability
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
(0Day) (Pwn2Own) Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of...
(0Day) Kenwood DMX958XR Firmware Update Command Injection Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of...