CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36616

CVE-2026-36616 affects Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The production firmware binary contains hardcoded WiFi driver credentials, including a RADIUS shared secret, a WPS test key, and a default PSK. This creates a risk of unauthorized access to the device’s wireless conf...

EUVD-2026-34154

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-10275

A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an atta...

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754

The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...

EUVD-2026-9270

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

PT-2026-22708

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48613

VBMeta vulnerability CVE-2025-48613 allows modifying and resigning VBMeta with a test key if the original image was signed with the same key, enabling local privilege escalation without extra execution privileges. No user interaction required. Exploitation details are not provided in the availabl...

EUVD-2025-208210

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...