119 matches found
PT-2025-43984
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub 40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature ar...
D-Link DAP-2695 Operating System Command Injection Vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 version 2.00RC131 suffers from an operating system command injection vulnerability, which originates from the failure of the function fwupdatermain of the component Firmware Upda...
CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
EUVD-2025-34055
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
EUVD-2025-34058
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdatermain of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products th...
CVE-2025-11666
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...
CVE-2025-11665
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdatermain of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products th...
CVE-2025-11666
CVE-2025-11666 affects Tenda RP3 Pro firmware up to version 22.5.7.93. The vulnerability resides in the Firmware Update Handler’s force_upgrade.sh, where manipulating the current_force_upgrade_pwd argument can trigger use of a hard-coded password. Local attack required. Public exploit exists. Rem...
CVE-2025-11665 D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdatermain of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products th...
PT-2025-41760
Name of the Vulnerable Software and Affected Versions Tenda RP3 Pro versions through 22.5.7.93 Description A security issue exists in Tenda RP3 Pro up to version 22.5.7.93, specifically within the Firmware Update Handler component. Manipulation of the current force upgrade pwd argument in the for...
EUVD-2003-1597
Malware in sbrugna...
EUVD-2025-24943
Malicious code in bioql PyPI...
EUVD-2025-25639
Malicious code in bioql PyPI...
EUVD-2025-20154
Malicious code in bioql PyPI...
EUVD-2025-2091
Malicious code in bioql PyPI...
EUVD-2024-17441
Malicious code in bioql PyPI...
EUVD-2025-24945
Malicious code in bioql PyPI...
EUVD-2023-23692
Malicious code in bioql PyPI...
CVE-2025-9379
A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted...
CVE-2025-9379
This CVE concerns Belkin AX1800 router (firmware 1.1.00.016) with a vulnerability in the Firmware Update Handler. The issue is insufficient verification of data authenticity, enabling remote exploitation. Multiple connected sources corroborate that the vulnerability can be triggered remotely and ...