27 matches found
EUVD-2025-4191
Malicious code in bioql PyPI...
EUVD-2025-4194
Malicious code in bioql PyPI...
EUVD-2025-4193
Malicious code in bioql PyPI...
CVE-2025-26411
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface...
CVE-2025-26410
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26408
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...
CVE-2025-26409
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...
Wattsense Bridge 6.x Remote Root / Information Disclosure
Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...
CVE-2025-26410
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26409
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26410 Weak Hard-coded Credentials
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26410
Wattsense Bridge firmware prior to 6.4.1 contains hard-coded user/root credentials; recovered passwords enable login via the serial interface, leading to total compromise. The backdoor user has been removed in firmware BSP >= 6.4.1. Recommended remediation: update Wattsense Bridge firmware to ...
CVE-2025-26410 Weak Hard-coded Credentials
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. T...
CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...
CVE-2025-26409
Wattsense Bridge devices are affected. A serial interface accessible with physical access to the PCB can grant bootloader access and a Linux login prompt, enabling a root shell via the bootloader. This stems from exposed serial/bootloader interfaces on the device when physically tampered. The iss...
CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...
CVE-2025-26408
CVE-2025-26408 affects Wattsense Bridge devices where the JTAG interface is unprotected and accessible via physical access to the PCB, granting full device access (extract/modify firmware) across all known versions. Root cause per SEC Consult/PacketStorm analysis is an unprotected JTAG interface ...
CVE-2025-26408 Unprotected JTAG Interface
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...
CVE-2025-26408 Unprotected JTAG Interface
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...