6 matches found
CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
Svakom Siime Eye 安全漏洞
Svakom Siime Eye is a smart home device from Svakom USA. A security vulnerability exists in Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14, which stems from vulnerability to cross-site request forgery attacks...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...
Samsung SmartThings Hub Buffer Overflow Vulnerability
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of the video-core HTTP server in Samsung SmartThings Hub STH-ETH-250 using firmware...
iSmartAlarm cube device encryption issue vulnerability
The iSmartAlarm cube devices are a smart home device from iSmartAlarm USA. An authentication bypass vulnerability exists in iSmartAlarm cube devices. A remote attacker can exploit this vulnerability to execute commands...