Improper access control

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

CVE-2023-30732

CVE-2023-30732 affects Samsung Mobile devices running the SMR Oct-2023 Release 1. It arises from improper access control in a system property, enabling a local attacker to obtain the CPU serial number. Remediation is to update to SMR Oct-2023 Release 1 or later (per listed advisories).

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number...

CVE-2022-47891

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

Default credentials

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

CVE-2022-47891 Admin password reset in NetMan 204

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

CVE-2022-47891 Admin password reset in NetMan 204

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...

PT-2023-22935 · Unknown · System Property

Name of the Vulnerable Software and Affected Versions: System property versions prior to SMR Oct-2023 Release 1 Description: The issue is related to improper access control in system property, allowing a local attacker to obtain the CPU serial number. Recommendations: For versions prior to SMR...

The vulnerability of the microprogramming software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary commands.

The vulnerability of microprogrammed software in the serial interface servers of Advantech EKI-1524, EKI-1522, and EKI-1521 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to...

Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...

WordPress Serial Codes Generator and Validator with WooCommerce Support Plugin < 2.4.15 is vulnerable to Cross Site Scripting (XSS)

Software Serial Codes Generator and Validator with WooCommerce Support Type Plugin Vulnerable versions 2.4.15 Fixed in 2.4.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4376 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...

CVE-2023-4376

The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2023-4376

The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

WordPress plugin Serial Codes Generator and Validator with WooCommerce Support Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-28968 · WordPress · Saso Serial Codes Generator/Validator With Woocommerce Support

Name of the Vulnerable Software and Affected Versions: Serial Codes Generator and Validator with WooCommerce Support WordPress plugin versions prior to 2.4.15 Description: The issue concerns the Serial Codes Generator and Validator with WooCommerce Support WordPress plugin, where some settings ar...

PT-2023-9478 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the SPI peripheral in the Linux kernel, where sometimes RX SPI transfers with DMA enabled return corrupted data due to single or multiple bytes lost during DMA...

CVE-2022-3407

I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing...

Digi RealPort 安全漏洞

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. A security vulnerability exists in the Digi RealPort Protocol that stems from vulnerability...

PT-2023-19197 · Motorola · Motorola Mbts Site Controller

Name of the Vulnerable Software and Affected Versions: Motorola EBTS/MBTS Site Controller affected versions not specified Description: The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical acce...