594 matches found
EUVD-2015-9425
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...
CVE-2017-20233
CVE-2017-20233 affects Hirschmann HiLCOS devices OpenBAT, BAT450, WLC, and BAT867. The issue is a firewall filtering vulnerability where IPv4 multicast and broadcast traffic are not correctly filtered when management IP address filtering is disabled, allowing bypass of configured firewall rules. ...
CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...
CVE-2010-0574
Unspecified vulnerability in Cisco Wireless LAN Controller WLC software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service device reload via a...
CVE-2010-0575
Cisco Wireless LAN Controller WLC software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034...
CVE-2013-6684
The web framework on Cisco Wireless LAN Controller WLC devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011...
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...
Tinycontrol LAN Controller 安全漏洞
Tinycontrol LAN Controller is a building automation controller from Tinycontrol Poland. A security vulnerability exists in Tinycontrol LAN Controller version 1.58a, which stems from an authentication bypass that could lead to modification of administrator credentials...
CVE-2023-53739
Tinycontrol LAN Controller v3 LK3 (version 1.58a) exposes an unauthenticated vulnerability that allows remote attackers to download configuration backup files (lk3_settings.bin) and extract base64-encoded user and admin passwords. Root cause appears to be improper access control on backups, leadi...
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
EUVD-2018-1211
Malware in sbrugna...
EUVD-2013-6486
Malware in sbrugna...
EUVD-2018-1239
Malware in sbrugna...
EUVD-2018-1240
Malware in sbrugna...
EUVD-2019-10353
Malware in sbrugna...
EUVD-2019-10362
Malware in sbrugna...
EUVD-2019-10387
Malware in sbrugna...