14 matches found
CVE-2026-50211
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017475 advisory. BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Tenable has extracted the...
EUVD-2025-175340
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub_432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvram_safe_set("SysLogRemoteIPAddress", ...). These values are...
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
...
NETGEAR WNR854T Security Vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2. It stems from the wanhostname NVRAM parameter not being properly filtered for special characters, commands, and other elements used to construct commands. An attacker can exploit...
CVE-2024-23238
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables...
CVE-2022-3430
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
Lenovo Notebook Security Vulnerability
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that stems from a potential flaw in the WMI installation driver, which could allow an attacker with elevated privileges to modify the secure boot settings by modifying th...
PT-2022-25278 · Acer · Acer Notebook
Name of the Vulnerable Software and Affected Versions: Acer Notebook devices affected versions not specified Description: The issue concerns a vulnerability in the HQSwSmiDxe DXE driver that may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by changing an NVRAM...
PT-2022-6630 · Lenovo · Wmi Setup Driver
Name of the Vulnerable Software and Affected Versions: Lenovo Notebook devices affected versions not specified Description: The issue is related to a potential vulnerability in the WMI Setup driver, which may allow an attacker with elevated privileges to modify secure boot settings. This can be...
CVE-2022-26781
Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...
Lenovo Notebook Security Vulnerability
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. A security vulnerability exists in Lenovo Notebook that originates from the use of a driver that was incorrectly left active instead of being deactivated. A local privileged user can modify the secure boot settings and bypass the implemented...
DLINK DCS-5020L wireless cloud camera remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
This article mainly demonstrates how to find vulnerabilities in IoT devices. The process of finding the following command injection can be divided into 3 steps, somewhat similar to a 100-point CTF challenge: download the binary file, run strings, trace the system calls to the origin of...
Microsoft Windows 10: Modify firmware environment values
This security setting determines who can modify firmware environment values. Firmware environment values are settings that are stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On all computers, this user right is required to install or...