23 matches found
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
CVE-2025-65294
The vulnerability CVE-2025-65294 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Connected documents describe an undocumented remote access mechanism that enables unrestricted remote command execution, i.e., attacker-controlled commands...
PT-2025-50543
Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
EUVD-2016-6753
Malware in sbrugna...
EUVD-2019-2506
Malware in sbrugna...
EUVD-2020-8220
Malware in sbrugna...
š SIMCom SIM7600G Modem Undocumented Root Shell Access
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands. SEC Consult...
CVE-2020-16259
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user...
Insecure sannav access using undocumented Brocade SANnav user "sannav" (no CVE)
An external researcher made a claim that an undocumented "sannav" user with a default password existed in Brocade SANnav OVA v2.1.1 Brocade Response The "sannav" user is documented in the BrocadeĀ® SANnavā¢ Management Portal Installation and Migration Guide, 2.1.1x...
PT-2023-13708 Ā· Exfo Ā· Exfo Bv-10 Performance Endpoint Unit
Name of the Vulnerable Software and Affected Versions: EXFO BV-10 Performance Endpoint Unit affected versions not specified Description: The issue concerns an undocumented hard-coded privileged user in the EXFO BV-10 Performance Endpoint Unit. This means that there is a user account with elevated...
Phoenix Contact AXL F BK and IL BK äæ”ä»»ē®”ēé®é¢ę¼ę“
Phoenix Contact AXL F BK PN is a bus coupler from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact AXL F BK and IL BK that stems from the program having undocumented password-protected FTP access to the root directory...
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...
CVE-2020-16259
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user...
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation...
CVE-2019-15304
Lierda Grill Temperature Monitor V1.0050006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and...
CVE-2019-15304
CVE-2019-15304 affects ProGrade/Lierda Grill Temperature Monitor V1.00_50006. A default admin password enables an attacker to cause Denial of Service or Information Disclosure through the deviceās undocumented access-point configuration page. The vulnerability stems from hard-coded credentials (a...
CVE-2019-15304
Lierda Grill Temperature Monitor V1.0050006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and...
CVE-2019-10712
The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access...