77 matches found
EUVD-2026-36756
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...
CVE-2026-38065
The vulnerability CVE-2026-38065 affects Tenda 5G03 devices running firmware V05.03.02.04 (Version 1.0) . A command injection exists in the function action_ims_on_with_apn via the ims_apn parameter. This is supported by multiple connected sources (NVD, ENISA EUVD, CVE listings) confirming the sam...
CVE-2026-38065
Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...
PT-2026-49296
Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action ims on with apn function through the ims apn parameter. Recommendations At the moment, there is no information about a newer version that...
CVE-2023-40125
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2018-18375
goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...
CVE-2022-33302
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length...
CVE-2025-68706
CVE-2025-68706 affects KuWFi 4G LTE AC900 devices running firmware 1.0.13, in the GoAhead-Webs HTTP daemon. The vulnerability is in the /goform/formMultiApnSetting handler, which copies the user-provided pincode into a fixed 132-byte stack buffer using sprintf() without bounds checking. This stac...
CVE-2025-36921
In ProtocolPsUnthrottleApn of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...
CVE-2025-36921
In ProtocolPsUnthrottleApn of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...
PT-2025-50703
In ProtocolPsUnthrottleApn of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...
EUVD-2014-5061
Malware in sbrugna...
EUVD-2018-10106
Malware in sbrugna...
EUVD-2017-5241
Malware in sbrugna...
EUVD-2023-28601
Malicious code in bioql PyPI...
EUVD-2022-36345
Malicious code in bioql PyPI...
EUVD-2021-3616
Malicious code in bioql PyPI...
EUVD-2023-44732
Malicious code in bioql PyPI...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
Malicious code in @zalastax/nolb-apn (npm)
The package @zalastax/nolb-apn was found to contain malicious code...