14 matches found
EUVD-2025-28746
Malicious code in bioql PyPI...
EUVD-2025-19423
Malicious code in bioql PyPI...
CVE-2025-6522
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string...
CVE-2025-6522
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string...
CVE-2025-6522 TrendMakers Sight Bulb Pro Command Injection
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string...
CVE-2025-6522 TrendMakers Sight Bulb Pro Command Injection
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string...
CVE-2025-6522
CVE-2025-6522 affects TrendMakers Sight Bulb Pro. An unauthenticated adversary on an adjacent network can execute arbitrary commands as root via a vulnerable proprietary TCP protocol on port 16668 by sending a well-formed JSON string. This is described as a command-injection vulnerability in the ...
CVE-2025-6521 TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which...
CVE-2025-6521
CVE-2025-6521 affects the TrendMakers Sight Bulb Pro. During initial setup, AES keys are passed in cleartext as the device negotiates with an access point, enabling an attacker on an adjacent network to decrypt management app communications and potentially access credentials. The CISA ICS advisor...
CVE-2025-6521 TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which...
Trend Makers Sight Bulb Pro Command Injection Vulnerability
Trend Makers Sight Bulb Pro is a webcam from Trend Makers, USA. The Trend Makers Sight Bulb Pro suffers from a command injection vulnerability that stems from a vulnerability in the TCP protocol on port 16668, which could result in an unauthenticated user executing arbitrary commands...
PT-2025-27248 · Unknown · Sight Bulb Pro
Name of the Vulnerable Software and Affected Versions: Sight Bulb Pro (affected versions not specified). Description: The issue allows unauthenticated users on an adjacent network to run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This enables an...
PT-2025-27247 · Trendmakers · Trendmakers Sight Bulb Pro
Name of the Vulnerable Software and Affected Versions: TrendMakers Sight Bulb Pro (affected versions not specified). Description: The issue arises during the initial setup of the device, where the user connects to an access point broadcast by the Sight Bulb Pro. During this negotiation, AES Encrypti...
Trend Makers Sight Bulb Pro Encryption Issue Vulnerability
Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...