EFM ipTIME Routers security vulnerabilities

EFM ipTIME Routers are a series of routers produced by the South Korean company EFM. The EFM ipTIME Routers have a security vulnerability, which stems from an OS command injection vulnerability in the upnp-relay function. The following products and versions are affected: A2003NS-MU version 10.00....

CVE-2022-38956

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.11.1.9 and earlier...

CVE-2025-12943

CVE-2025-12943 involves NETGEAR RAX30 and RAXE300 devices, where improper certificate validation in the firmware update logic lets an attacker who can intercept and modify traffic potentially execute arbitrary commands on the device. Affected products: NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400...

CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

PT-2025-43641

Name of the Vulnerable Software and Affected Versions D-Link DIR600L Ax version FW116WWb01 Description The D-Link DIR600L Ax device, version FW116WWb01, contains a buffer overflow. This occurs through the curTime parameter within the formSetEasy Wizard function. Recommendations Update to a newer...

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden store user passwords with MD5 without per-password salt, enabling offline dictionary/rainbow-table/brute-force attacks on a breached database. Connected sources confirm this insecure hashing practice and indicate the vendor has declined to se...

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

EUVD-2025-33911

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

CVE-2025-11650

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a...

CVE-2025-11650

CVE-2025-11650 affects Tomofun Furbo 360 (up to FB0035_FW_036) and Furbo Mini (up to MC0020_FW_074). The vulnerability is linked to the Password Handler’s /etc/shadow handling, where manipulation can lead to use of weak hash values. Impact is described as affecting the physical device with a high...

CVE-2025-11649

CVE-2025-11649 affects Tomofun Furbo 360 and Furbo Mini. The vulnerability ties to an unknown function in the Root Account Handler that, when manipulated, reveals a hard-coded password. Exploitation requires local access and is described as high complexity with low privileges and no user interact...

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

CVE-2025-11647 Tomofun Furbo 360/Furbo Mini GATT Service information disclosure

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

EUVD-2025-33906

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

CVE-2025-11644

Tomofun Furbo 360 and Furbo Mini expose a UART Interface weakness that can lead to insecure storage of sensitive information. The flaw affects Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074, requiring physical access to the device and described as high complexity to exploit, wit...

PT-2025-41716

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in the HTTP Traffic Handler component of Tomofun Furbo 360 and Furbo Mini. This issue results in improper certificat...

PT-2025-41737

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves an unknown function within the Root Account...

PT-2025-41732

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A weakness exists in the UART Interface component of Tomofun Furbo 360 and Furbo Mini. Manipulation of this component can result i...

PT-2025-41718

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A security flaw exists in the UART Interface component of Tomofun Furbo 360 and Furbo Mini. Successful manipulation of this...