CVE-2026-9397

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2025-44018

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability

Talos Vulnerability Report TALOS-2025-2230 GL-Inet GL-AXT1800 OTA Update firmware downgrade vulnerability November 24, 2025 CVE Number CVE-2025-44018 SUMMARY A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can le...

EUVD-2023-46319

Malicious code in bioql PyPI...

EUVD-2021-9138

Malicious code in bioql PyPI...

EUVD-2021-9133

Malicious code in bioql PyPI...

CVE-2023-41827

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

CVE-2021-21962

A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger th...

CVE-2023-41827

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

Input validation

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

CVE-2023-41827

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

PT-2023-9141 · Owlet · Owlet Cam

Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...

CVE-2021-21967

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2021-21967

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

Cross site scripting

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2021-21967

CVE-2021-21967 affects Sealevel Systems SeaConnect 370W v1.3.34. The OTA update task parses a JSON payload over MQTT and copies the dest field from OTAUpdateStruct into a 0x40-byte buffer using strcpy, leading to a stack-based buffer overflow when dest exceeds the buffer and removing the null ter...

CVE-2021-21967

An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

Sealevel Systems SeaConnect 370W Buffer Overflow Vulnerability (CNVD-2022-10700)

Sealevel Systems SeaConnect 370W is an Industrial Internet of Things Iiot edge device from Sealevel Systems, Inc. A buffer overflow vulnerability exists in Sealevel Systems SeaConnect 370W, which stems from the product's OTA Update u-download feature that does not effectively limit memory...