17 matches found
DEBIAN-CVE-2025-66168
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
CVE-2025-66168
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...
EUVD-2019-4657
Malware in sbrugna...
CVE-2022-25136
A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2025-21608
Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are...
OESA-2024-2416 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
PT-2023-27233 · Totolink · Totolink T10 V2
Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 v2 version 5.9c.5061 B20200511 Description: The issue is a stack-based buffer overflow in the setStaticDhcpConfig function located in /lib/cste modules/lan.so. Attackers can exploit this by sending crafted data in an MQTT packet,...
CVE-2023-24152
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
TOTOLINK Technology Routers Command Injection Vulnerability (CNVD-2022-17114)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. TOTOLink T10 is a wireless network system router from TotoLink, China. A command injection vulnerability exists in the recvSlaveCloudCheckStatus function of TOTOLINK Technology Routers T6 and T10. An attacker can exploit this vulnerabili...
TOTOLink T6 Command Injection Vulnerability (CNVD-2022-17117)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. The recvmeshinfosync function of TOTOLink T6 is vulnerable to command injection. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
TOTOLINK Technology Routers Command Injection Vulnerability (CNVD-2022-17113)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. TOTOLink T10 is a wireless network system router from TotoLink, China. The recvSlaveUpgstatus function of TOTOLINK Technology Routers T6 and T10 is vulnerable to command injection. An attacker can exploit this...
TOTOLINK Technology Routers Command Injection Vulnerability (CNVD-2022-17115)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. TOTOLink T10 is a wireless network system router from TotoLink, China. A command injection vulnerability exists in the meshSlaveUpdate function of TOTOLINK Technology Routers T6 and T10. An attacker can exploit this vulnerability to...
TOTOLink T6 Command Injection Vulnerability (CNVD-2022-17118)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. A command injection vulnerability exists in the meshSlaveDlfw function of TOTOLink T6. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
TOTOLINK Technology Routers Command Injection Vulnerability (CNVD-2022-17112)
TOTOLink T6 is a wireless dual-band router from TotoLink, China. TOTOLink T10 is a wireless network system router from TotoLink, China. A command injection vulnerability exists in the updateWifiInfo function of TOTOLINK Technology Routers T6 and T10. An attacker can exploit this vulnerability to...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from China-based TotoLink. The setUpgradeFW function of TOTOLink T6 is vulnerable to command injection. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
CVE-2016-10523
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth...
Denial of Service
Overview: Versions of mqtt-packet prior to 3.4.6, or 4.x prior to 4.0.5 are affected by a denial of service vulnerability wherein specific sequences of MQTT packets can crash the application. Recommendation: Version 3.x: Update to version 3.4.6 or later. Version 4.x: Update to version 4.0.5 or late...