271 matches found
PT-2024-29677 · Unknown · Tem Opera Plus Fm Family Transmitter
Name of the Vulnerable Software and Affected Versions: TEM Opera Plus FM Family Transmitter affected versions not specified Description: The TEM Opera Plus FM Family Transmitter has an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system i...
PT-2024-31263 · Hathway +1 · Hathway Skyworth Router Cm5100 +1
Name of the Vulnerable Software and Affected Versions: Hathway Skyworth Router CM5100 version 4.1.1.24 Description: The issue allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. This can lead to the exposure of sensitive information. Recommendations:...
CVE-2024-39278
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
CVE-2024-39278
CVE-2024-39278 affects Hughes WL3000 Fusion Software (versions prior to 2.7.0.10). The issue arises from credentials used to access device configuration information being stored unencrypted in flash memory, allowing read-only access to network and terminal configuration data. According to connect...
CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
PT-2024-28417 · Hughes Network Systems +1 · Wl3000 Fusion +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration information being stored unencrypted in flash memory. These credentials allow read-only...
CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
If a SCSI READ10 command is initiated via USB using the largest LBA 0xFFFFFFFF with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to wri...
CVE-2022-32506
An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash...
Nuki Bridge 安全漏洞
Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x prior to v1.22.0 and v2.x prior to v2.13.2, and Nuki Keypad v1.9.2 prior to v1.9.2, which stems from an attacker being able to use debugging functionality to control the execution of code o...
CVE-2022-32506
Summary: CVE-2022-32506 relates to Nuki Smart Lock firmware where the root cause involves BLE command access that can be misused. Connected document details (RH entry) describe that some BLE commands, which should be restricted to privileged accounts, could be invoked by unprivileged accounts. Af...
Cisco Adaptive Security Appliance Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...
Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...
CVE-2024-20359
CVE-2024-20359 affects Cisco ASA and Cisco FTD. A legacy capability flaw allows an authenticated local attacker to exploit improper validation of a file read from flash memory by copying a crafted file to disk0:, enabling arbitrary code execution with root privileges after the next device reload....
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...
Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco, Inc.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect corpora...
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...