16 matches found
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
EUVD-2022-52578
Malicious code in bioql PyPI...
CVE-2022-30749
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity...
CVE-2025-0680
Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud...
PT-2025-3999 · Unknown · Device Cloud
Name of the Vulnerable Software and Affected Versions: Device Cloud affected versions not specified Description: The issue concerns a vulnerability in the device cloud RPC command handling process. This vulnerability could allow remote attackers to take control of arbitrary devices connected to t...
GBCOM LAC WEB Control Center 跨站脚本漏洞
GBCOM LAC WEB Control Center is a WEB Control Center from China Huanchuang GBCOM. A security vulnerability exists in the GBCOM LAC WEB Control Center lac-1.3.x version that could allow an attacker to create arbitrary devices...
CVE-2022-39855
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices...
Improper access control
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices...
CVE-2022-39855
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices...
Design/Logic Flaw
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
ieGeek IG20 安全特征问题漏洞
The ieGeek IG20 is a webcam from ieGeek. A security vulnerability exists in the ieGeek IG20 hipcam RealServer version V1.0, which stems from a predictability flaw in the algorithm that generates the device id uid as a result of its faulty access control, allowing a remote attacker to directly...
CVE-2022-30749
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity...
Samsung mobile 授权问题漏洞
Samsung SmartThings is a powerful Samsung smart home mobile app from Samsung South Korea.An access control error vulnerability exists in versions prior to Samsung SmartThings 1.7.85.25. The vulnerability stems from improper access control and can be exploited by local attackers to bypass login...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : snapd vulnerability (USN-4728-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4728-1 advisory. Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for...
CVE-2018-10923
It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...
openSUSE 10 Security Update : pam_mount (pam_mount-5598)
pammount allowed users to mount arbitrary devices to any directory when the 'luserconf' configuration directive was set CVE-2008-3970. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...