Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/12 3:1 p.m.11 views

EUVD-2026-36475

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS5.5AI score0.00278EPSS
Exploits2References2
CVE
CVE
added 2026/06/12 3:1 p.m.26 views

CVE-2026-50085

The CVE-2026-50085 entry concerns the Aqara Board service at op-test.aqara.com. Connected sources provide concrete details: the service accepts arbitrary MQTT command payloads and forwards them to the platform’s HiveMQ broker without authentication, representing CWE-306 Missing Authentication for...

9.8CVSS5.6AI score0.00278EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.12 views

CVE-2026-50085 Aqara Board IoT insecure debug API

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS5.6AI score0.00278EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6036

Malware in sbrugna...

5.4CVSS5.6AI score0.00532EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.7 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.4CVSS6.8AI score0.00532EPSS
Exploits0
NVD
NVD
added 2020/08/26 4:15 p.m.21 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.4CVSS5.5AI score0.00532EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/26 3:23 p.m.23 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.5AI score0.00532EPSS
Exploits0References2
CVE
CVE
added 2020/08/26 3:23 p.m.36 views

CVE-2020-13821

HiveMQ Broker Control Center 4.3.2 is affected by a reflected XSS vulnerability: a crafted clientid in an MQTT packet sent to the Broker is echoed in the management console, causing attacker-owned JavaScript to load in the administrator’s browser and potentially steal the session and cookies. The...

5.4CVSS5.4AI score0.00532EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder