CVE-2022-23141

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information...

CVE-2017-18347

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug SWD commands because there is a race condition between full initialization of the SWD...

CVE-2019-20462

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi acce...

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver see security notification for versions which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileg...

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...

CVE-2023-25646

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations...

CVE-2024-41692

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...

CVE-2024-39675

A vulnerability has been identified in RUGGEDCOM RMC30 All versions V4.3.10, RUGGEDCOM RMC30NC All versions V4.3.10, RUGGEDCOM RP110 All versions V4.3.10, RUGGEDCOM RP110NC All versions V4.3.10, RUGGEDCOM RS400 All versions V4.3.10, RUGGEDCOM RS400NC All versions V4.3.10, RUGGEDCOM RS401 All...

EUVD-2026-1791

The BIALTY - Bulk Image Alt Text Alt tag, Alt Attribute with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialtycsalt' post meta in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

EUVD-2026-1567

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability...

CVE-2025-65731

The CVE-2025-65731 entry concerns the D-Link Router DIR-605L (Hardware F1, Firmware V6.02CN02). The issue is root terminal access on a serial UART interface that is accessible when an attacker has physical access, allowing arbitrary command execution due to improper access control on the serial c...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-605L that stems from improper access control of the serial interface, which could lead to an arbitrary command execution attack...

Unauthenticated Information Disclosure

signalk-server is vulnerable to unauthenticated information disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000441 advisory. A memory leak in the rtl8xxxusubmitinturb function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxucore.c in the Linux kernel through 5.3.11 allows attackers to cau...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000432)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000432 advisory. Two memory leaks in the rtlusbprobe function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000385)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000385 advisory. An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c...