4 matches found

NVD
added 2026/06/12 4:16 p.m., 13 views

CVE-2026-50085

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

CVSS: 8.6, EPSS: 0.00278
Exploits: 0, References: 2
EUVD
added 2026/06/12 3:1 p.m., 10 views

EUVD-2026-36474

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

CVSS: 9.6, AI score: 5.3, EPSS: 0.00219
Exploits: 0, References: 2
Rapid7 Blog
added 2022/06/16 8:3 p.m., 60 views

CVE-2022-27511: Citrix ADM Remote Device Takeover

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their Application Delivery Management (ADM) product. A remote, unauthenticated attacker can leverage CVE-2022-27511 to reset administrator credentials to the default...

CVSS: 7.8, AI score: 0.7, EPSS: 0.12048
Exploits: 0
CNVD
added 2020/03/19 12:0 a.m., 1 views

Netlink GPON Router Authentication RCE Vulnerability

Netlink GPON Router is a router device. An authentication RCE vulnerability exists in the Netlink GPON Router, which can be exploited by an attacker to take over a remote destination device...

AI score: 7.2
Exploits: 0, References: 1