Beetel 777VR1 Access Control Vulnerability

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 starting from 01.00.09/01.00.0955 and earlier have a vulnerability related to access control. This vulnerability stems from operations involving the UART interface component, which may lead to information leakage...

PT-2026-4679

A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09 55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the...

spi: fsl-cpm: Check length parity before switching to 16 bit mode

...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

PT-2026-2919

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions 24.1114.151.929 and earlier Description A flaw exists in the boot process of the Blurams Flare Camera that allows a nearby attacker to take control of the boot mechanism and obtain a bootloader shell through the...

AIRTH SMART HOME AQI MONITOR Bootloader 安全漏洞

The AIRTH SMART HOME AQI MONITOR Bootloader is the underlying software for an air quality detector from AIRTH India. A security vulnerability exists in AIRTH SMART HOME AQI MONITOR Bootloader version 1.005, which originates from physical proximity Attackers can access the BK7231N controller throu...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2019-20462

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi acce...

CVE-2024-41692

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-605L that stems from improper access control of the serial interface, which could lead to an arbitrary command execution attack...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

CVE-2025-65731

The CVE-2025-65731 entry concerns the D-Link Router DIR-605L (Hardware F1, Firmware V6.02CN02). The issue is root terminal access on a serial UART interface that is accessible when an attacker has physical access, allowing arbitrary command execution due to improper access control on the serial c...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

CVE-2025-67397

Passy v1.6.3 is affected by CVE-2025-67397. A vulnerability allows a remote authenticated attacker to execute arbitrary commands through a crafted HTTP request using a specific payload injection, with impact reported as total (high risk). Root cause details are not fully disclosed in the provided...

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

PT-2026-1325

Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

EUVD-2025-205900

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...