CVE-2020-7202

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 4 iLO 4 firmware. The vulnerability could be remotely exploited to disclose the serial number and other information...

HPE Integrated Lights-Out and Integrated Lights-Out 5 Information Disclosure Vulnerabilities

HPE Integrated Lights-Out and HPE Integrated Lights-Out 5 iLO 5 are both products of Hewlett Packard Enterprise hpe, U.S.A. HPE Integrated Lights-Out is a remote control solution. HPE Integrated Lights-Out 5 is a remote control solution that enables remote monitoring and operation and maintenance...

CVE-2020-15797

A vulnerability has been identified in DCA Vantage Analyzer All versions V4.5 are affected by CVE-2020-7590. In addition, serial numbers 40000 running software V4.4.0 are also affected by CVE-2020-15797. Improper Access Control could allow an unauthenticated attacker to escape from the restricted...

CVE-2019-18254

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...

Unspecified Vulnerability in BIOTRONIK CardioMessenger II-S (CNVD-2020-52055)

The Biotronik CardioMessenger II-S is a portable medical monitoring device from Biotronik Germany. A security vulnerability exists in the Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20. An attacker could exploit the vulnerability to obtain medical...

CVE-2019-14066

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

Integer overflow

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CVE-2019-14066

Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking Feature ID status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CAs Reissue Over One Million Weak Certificates

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half th...

CVE-2019-6535

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet...

CVE-2018-7938

P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...

Huawei P10 Information Disclosure Vulnerability

Huawei P10 is a smartphone product of the Chinese company Huawei Huawei. An information leakage security vulnerability exists in the Huawei P10 phone due to a lack of permission checking. An attacker induced users to install a malicious application, which could read certain hardware serial number...

Multiple Medtronic Products Information Disclosure Vulnerability (CNVD-2018-18137)

Medtronic MMT-508 MiniMed insulin pump and others are different models of insulin pumps from Medtronic, USA. An information disclosure vulnerability exists in a number of Medtronic products, which arises from communication between the pump and wireless accessories being passed in clear text. An...

CVE-2018-10634

Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers...

Hacking Swann & FLIR/Lorex home security camera video

A few weeks back we read a story on the BBC web site about a BBC employee seeing someone else’s video footage on the mobile app for their home security camera. It wasn’t clear how this happened, but we were intrigued, so we bought several of the cameras in question to see for ourselves. We put a...

Multiple Rockwell Automation products have unspecified leaks (CNVD-2017-08714)

Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A and others are programmable logic controller PLC products from Rockwell Automation. A security vulnerability exists in a number of Rockwell Automation products where the vulnerable program fails to generate sufficient random...

Multiple Schneider Electric Modicon Product TCP Initial Serial Number Prediction Vulnerabilities

Schneider-Electric Modicon M251 and others are programmable controller products of Schneider Electric France. A security vulnerability exists in a number of Schneider Electric Modicon products, which arises from a program's failure to generate a sufficient number of random TCP initial serial...

CVE-2017-9132

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...

Hardcoded credentials

A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded...

Charter Communications Fixes Data Leaking Vulnerability

Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers. Customers’ payment details, modem serial numbers, device names, account numbers, home addresses, were being spilled...