InHand IR Series 安全漏洞

The InHand IR Series is a series of industrial-grade cellular wireless routers produced by InHand Corporation in the United States. The InHand IR Series contains a security vulnerability, which stems from command injection in the WireGuard VPN function. This vulnerability may allow attackers to...

CVE-2025-40947

CVE-2025-40947 affects ruggedized Siemens/RUGGEDCOM ROX lines: MX5000, MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000, all versions below V2.17.1. The root cause is improper sanitization of user-supplied input during the feature key installation process, enabling an authenticated ...

PT-2026-39981

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: A memory out-of-bounds issue was fixed in bnxtfillhwrsstbl. A recent commit modified the code in bnxtreserverings to set the default RSS indirection table to the default value only when the number of RX rings is changing...

CVE-2026-41446 WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...

CVE-2026-41446

The affected product is the Snap One WattBox 800 and 820 series running firmware

Semtech LR11xx LoRa 安全漏洞

Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. There are security vulnerabilities in Semtech LR11xx LoRa; these vulnerabilities stem from information leaks in earlier firmware versions, which could allow attackers to bypass the...

CVE-2026-26948

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially explo...

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

CVE-2026-27515

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

CVE-2026-22220

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...

Korenix JetNet Improper Verification of Cryptographic Signature (CVE-2023-5347)

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. This plugin only works with Tenable.ot...

CVE-2020-24354

Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by shell injection...

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed...

PT-2025-47236

Name of the Vulnerable Software and Affected Versions Zyxel DX3301-T0 versions 5.50ABVY.6.3C0 and earlier Description An uncontrolled resource consumption issue in the web server component of the software could allow an attacker to perform Slowloris-style denial-of-service DoS attacks. These...

Tomofun Furbo 360和Tomofun Furbo Mini 访问控制错误漏洞

Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. An access control error vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from improper acce...

VulnCheck KEV: CVE-2014-1635

Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103WW1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter...