CVE-2025-15113 Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload

Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...

PT-2025-54261

Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description An authenticated attacker can upload MPFS File System binary images through an unprotected endpoint. This allows overwriting flash program memory and potentially executing...

EUVD-2024-39310

Malicious code in bioql PyPI...

EUVD-2024-17239

Malicious code in bioql PyPI...

CVE-2024-1491

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

CVE-2024-41988 Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

CVE-2024-41988

CVE-2024-41988 affects TEM Opera Plus FM Family Transmitter (affected version: 35.45). An unprotected endpoint allows MPFS File System binary image upload without authentication, affecting the HTTP2 web server module and SNMP module (and shared storage access). This can be exploited to overwrite ...

CVE-2024-1491

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

CVE-2024-1491

CVE-2024-1491 affects Electrolink FM/DAB/TV Transmitters, where an unauthenticated unprotected endpoint permits MPFS2 file-system binary image uploads. The MPFS2 read-only storage can reside in external EEPROM/flash and backs the HTTP2 web server and other components; exploitation could overwrite...

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution Vulnerability

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vulnerability

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...