CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure

ZTE ZXHN H188A version 6 suffers from an authentication bypass vulnerability via a pre-login wizard credential leak. Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard Credential Leak Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34472 Vendor: ZTE...

Netis E1+ 安全漏洞

Netis E1+ is a wireless signal amplifier developed by the Chinese company Netis. Version 1.2.32533 of Netis E1+ contains a security vulnerability. This vulnerability stems from an information leakage flaw, allowing attackers to send GET requests to the netcoreget.cgi endpoint, potentially leading...

PT-2026-5843

Name of the Vulnerable Software and Affected Versions Netis E1+ version 1.2.32533 Description An information disclosure issue exists that allows unauthenticated attackers to retrieve WiFi passwords. Attackers can send a GET request to the ''netcore get.cgi'' endpoint to extract sensitive network...

CVE-2022-35122

An access control issue in Ecowitt GW1100 Series Weather Stations =GW1100Bv2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords...

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...

EUVD-2022-38020

Malicious code in bioql PyPI...

EUVD-2024-32352

Malicious code in bioql PyPI...

AutoRDPwn

This is a post-exploitation framework called AutoRDPwn, written in PowerShell. It is designed to automate the Shadow attack on Microsoft Windows computers, which allows a remote attacker to view and control the victim's desktop without their consent. The framework has a user-friendly interface an...

CVE-2023-46978

TOTOLINK X6000R V9.4.0cu.852B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication...

NEC Aterm多款产品 访问控制错误漏洞

The NEC Aterm WF1200C and others are a wireless router from Nippon Electric NEC. An access control error vulnerability exists in various NEC Aterm products that stems from a lack of authentication for critical functions, allowing an attacker to obtain Wi-Fi passwords over the Internet. The...

CVE-2024-34682

Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2024 Release 1 prior to version 1, which stems from Settings containing an improper...

PT-2024-26103 · Settings · Settings

Name of the Vulnerable Software and Affected Versions: Settings versions prior to SMR Nov-2024 Release 1 Description: The issue is related to improper authorization in Settings, allowing physical attackers to access stored WiFi passwords in Maintenance Mode. This affects devices that have not bee...

Fedora: Security Advisory for rust-asahi-wifisync (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: rust-asahi-wifisync-0.2.0-3.fc39

A tool to sync Wifi passwords with macos on ARM Macs...

Fedora: Security Advisory for rust-asahi-wifisync (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: rust-asahi-wifisync-0.2.0-3.fc40

A tool to sync Wifi passwords with macos on ARM Macs...