174 matches found
CVE-2025-60856
Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...
Reolink Video Doorbell WiFi DB_566128M5MP_W 安全漏洞
Reolink Video Doorbell WiFi DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell WiFi DB566128M5MPW, which originates from an unprotected UART serial console, and could allow a physically accessible attacker to execute arbitrary commands...
CVE-2025-60856
CVE-2025-60856 affects Reolink Video Doorbell WiFi DB_566128M5MP_W via an unsecured UART/serial console that can grant root shell access with physical access. The vulnerability arises from exposed interface allowing arbitrary command execution as root; implications include complete device comprom...
EUVD-2020-19697
Malware in sbrugna...
EUVD-2020-19698
Malware in sbrugna...
CVE-2025-27026
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...
CVE-2023-30354
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...
CVE-2020-27174
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...
CVE-2002-2203
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information...
CP Plus CP-XR-DE21-S 安全漏洞
The CP Plus CP-XR-DE21-S is a wireless router from CP Plus. A security vulnerability exists in the CP Plus CP-XR-DE21-S version 1.031.022, which stems from insufficient protection of the UART console and could lead to information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2024-26999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but i...
DEBIAN-CVE-2022-49613
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usagecount for console handover When console is enabled, univ8250consolesetup calls serial8250consolesetup before .dev is set to uartport. Therefore, it will not call pmruntimegetsync. Later, when the actual...
CVE-2024-7517 Privileged escalation via crafted use of portcfg command
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...
CVE-2024-7517 Privileged escalation via crafted use of portcfg command
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...
CVE-2024-7517
CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...
Privileged escalation via crafted use of portcfg command
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...
CVE-2024-8449
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...
CVE-2024-8449 PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...
PLANET switch devices 信任管理问题漏洞
PLANET switch devices are a family of switch devices from PLANET Corporation in China. A trust management issue vulnerability exists in PLANET switch devices that stems from hard-coded credentials in the password recovery feature, allowing an unauthenticated attacker to connect to the device via...
PT-2024-39019 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switches affected versions not specified Description: The issue concerns a hard-coded credential in the password recovering functionality of certain switch models from PLANET Technology. This allows an unauthenticated attack...