Lucene search
K

174 matches found

Cvelist
Cvelist
added 2025/10/20 12:0 a.m.14 views

CVE-2025-60856

Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...

0.00286EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.5 views

Reolink Video Doorbell WiFi DB_566128M5MP_W 安全漏洞

Reolink Video Doorbell WiFi DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell WiFi DB566128M5MPW, which originates from an unprotected UART serial console, and could allow a physically accessible attacker to execute arbitrary commands...

6.8CVSS7.5AI score0.00286EPSS
Exploits0References3
CVE
CVE
added 2025/10/20 12:0 a.m.18 views

CVE-2025-60856

CVE-2025-60856 affects Reolink Video Doorbell WiFi DB_566128M5MP_W via an unsecured UART/serial console that can grant root shell access with physical access. The vulnerability arises from exposed interface allowing arbitrary command execution as root; implications include complete device comprom...

6.8CVSS7.1AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19697

Malware in sbrugna...

7.5CVSS7.5AI score0.01512EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19698

Malware in sbrugna...

7.5CVSS7.5AI score0.0172EPSS
Exploits0References5
OSV
OSV
added 2025/07/02 2:15 p.m.4 views

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

4.9CVSS5.8AI score0.00335EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.4 views

CVE-2023-30354

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...

9.8CVSS7AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 p.m.9 views

CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

7.5CVSS7.1AI score0.0172EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 8:35 p.m.6 views

CVE-2002-2203

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information...

4.9CVSS6.6AI score0.0033EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.3 views

CP Plus CP-XR-DE21-S 安全漏洞

The CP Plus CP-XR-DE21-S is a wireless router from CP Plus. A security vulnerability exists in the CP Plus CP-XR-DE21-S version 1.031.022, which stems from insufficient protection of the UART console and could lead to information disclosure...

5.1CVSS6.4AI score0.00196EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-26999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but i...

5.5CVSS6.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 7:1 a.m.1 views

DEBIAN-CVE-2022-49613

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usagecount for console handover When console is enabled, univ8250consolesetup calls serial8250consolesetup before .dev is set to uartport. Therefore, it will not call pmruntimegetsync. Later, when the actual...

5.5CVSS5.4AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/21 5:53 a.m.38 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

8.5CVSS0.00626EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/21 5:53 a.m.31 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

8.5CVSS7.2AI score0.00626EPSS
Exploits0References1
CVE
CVE
added 2024/11/21 5:53 a.m.74 views

CVE-2024-7517

CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...

8.5CVSS6.9AI score0.00626EPSS
Exploits0References1Affected Software1
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.20 views

Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

8.5CVSS7.5AI score0.00626EPSS
Exploits0
OSV
OSV
added 2024/09/30 7:15 a.m.4 views

CVE-2024-8449

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

6.8CVSS5.8AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/30 6:45 a.m.35 views

CVE-2024-8449 PLANET Technology switch devices - Local users' passwords recovery through hard-coded credentials

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password...

6.8CVSS0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/30 12:0 a.m.4 views

PLANET switch devices 信任管理问题漏洞

PLANET switch devices are a family of switch devices from PLANET Corporation in China. A trust management issue vulnerability exists in PLANET switch devices that stems from hard-coded credentials in the password recovery feature, allowing an unauthenticated attacker to connect to the device via...

6.8CVSS7AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.4 views

PT-2024-39019 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switches affected versions not specified Description: The issue concerns a hard-coded credential in the password recovering functionality of certain switch models from PLANET Technology. This allows an unauthenticated attack...

6.8CVSS7.2AI score0.0026EPSS
Exploits0References7
Rows per page
Query Builder