CVE-2025-1099

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

EUVD-2018-10483

Malware in sbrugna...

CVE-2024-3434

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclos...

CVE-2025-1099

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

CVE-2025-1099 Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

CVE-2025-1099 Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...

CVE-2024-52544

Lorex 2K Indoor Wi‑Fi Security Camera is affected by CVE-2024-52544 via the DP Service (TCP port 3500). An unauthenticated attacker can trigger a stack-based buffer overflow, enabling a path to remote code execution when chained with other vulnerabilities in the exploit chain described by Rapid7....

CVE-2024-3434

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclos...

CVE-2024-3434 CP Plus Wi-Fi Camera User Management improper authorization

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclos...

CVE-2024-3434 CP Plus Wi-Fi Camera User Management improper authorization

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclos...

CVE-2024-3434

CVE-2024-3434 affects CP Plus Wi‑Fi Camera (up to 20240401); the vulnerability lies in the User Management component and causes improper authorization. The issue can be exploited remotely; the exploit has been disclosed publicly. Available documents confirm the affected versions and the remote at...

CVE-2019-10999

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable...

Default credentials

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app e.g., change camera settings or play lullabies, it communicates directly with the Wi-Fi camera D-Link 825L firmware 1.08 with the credentials username and password in base64 cleartext...

CVE-2018-18767

The CVE affects D-Link myDlink Baby App v2.04.06 and D-Link 825L firmware v1.08. The root cause is that the app communicates with the camera using base64-encoded credentials in cleartext over the local network, enabling a local attacker to perform a MitM attack and easily obtain the username/pass...

CVE-2018-18767

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app e.g., change camera settings or play lullabies, it communicates directly with the Wi-Fi camera D-Link 825L firmware 1.08 with the credentials username and password in base64 cleartext...

CVE-2018-20050

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method...

Design/Logic Flaw

Mishandling of '' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on...

Design/Logic Flaw

Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method...

CVE-2018-20051

Mishandling of '' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service crash and reboot via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on...

CVE-2018-20051

The CVE-2018-20051 entry refers to the Jooan JA-Q1H Wi‑Fi camera running firmware 21.0.0.91, where mishandling of the character '>' enables remote DoS by triggering ONVIF methods such as CreateUsers, SetImagingSettings, and GetStreamUri. The NVD entry lists a CVSSv3 base score of 7.5 (HIGH) wi...