Siemens RUGGEDCOM ROX II

SUMMARY RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test BIST mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where...

PT-2025-32658

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 affected versions not specified RUGGEDCOM ROX MX5000RE affected versions not specified RUGGEDCOM ROX RX1400 affected versions not specified RUGGEDCOM ROX RX1500 affected versions not specified RUGGEDCOM ROX RX1501 affecte...

CVE-2025-34151

A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code...

Exploit for CVE-2024-32019

🚨 CVE-2024-32019 - Netdata ndsudo PATH Vulnerability Exploit...

CLSA-2025-1754340109 libblockdev: Fix of CVE-2025-6019

CVE-2025-6019: fix local privilege escalation vulnerability by updating libblockdev to prevent mounting of user-provided filesystem images with SUID- root shell...

CVE-2013-10050

An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...

CVE-2025-50777

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02 contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service...

CVE-2025-50777

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02 contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service...

PT-2025-31430 · Aziot · Aziot 2Mp Full Hd Smart Wi-Fi Cctv Home Security Camera

Name of the Vulnerable Software and Affected Versions: AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02 Description: The firmware contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Successful exploitation exposes...

AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera 安全漏洞

AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera is an indoor smart surveillance device from AZIOT India. A security vulnerability exists in AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02, which stems from improper access control and could lead to a local attacker...

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

CVE-2025-46116

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...

PT-2025-30278 · Commscope · Ruckus Zonedirector +1

Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: An authenticated attacker can disable the passphrase requirement for a hidden CLI comman...

📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution

Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below lacks authorization controls and allows anyone to masquerade as a NetBotz camera. A path traversal vulnerability enables an attacker to create a malicious folder name capable of injecting arguments into specific shell...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

Reference: https://www.stratascale.com/vulnerability-alert-CVE-2...

MGASA-2025-0188 Updated udisks2 & libblockdev packages fix security vulnerabilities

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...