6479 matches found
EUVD-2025-35312
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
CVE-2025-62775
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...
CVE-2025-62775
CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...
EUVD-2025-35314
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
Mercku M6a 安全漏洞
Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and prior versions, which originates from allowing root login via TELNET using the web administrator password, which could lead to unauthorized access...
Mercku M6a 安全漏洞
Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from an administrator being able to enable TELNET sessions via a router.telnet.enabled.update request...
CVE-2025-62773
CVE-2025-62773 affects Mercku M6a firmware up to 2.1.0. The issue arises when an administrator can enable TELNET sessions through a router.telnet.enabled.update request, enabling TELNET access on the device. Affected component is the device’s TELNET capability; root cause is a misconfiguration/au...
CVE-2025-62773
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...
VulnCheck KEV: CVE-2023-41011
Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcuttelnet.cg component...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
EUVD-2025-34787
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
H3C Magic M安全漏洞
H3C Magic M is a series of wireless routers from China's Xinhua San H3C. A security vulnerability exists in H3C Magic M. The vulnerability stems from the use of hard-coded weak passwords or unset passwords in the firmware, which could allow an attacker to gain maximum root privileges via Telnet...
CVE-2025-61330
CVE-2025-61330 affects H3C Magic-branded devices. The root cause is a hard-coded weak password (or no password) for the root account in /etc/shadow, with Telnet enabled by default or user-enabled, and Virtual Servers exposing devices to the public network. This enables remote attacker access to r...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...