46 matches found
EUVD-2019-18908
Malware in sbrugna...
EUVD-2024-32480
Malicious code in bioql PyPI...
PT-2025-39453
Name of the Vulnerable Software and Affected Versions: Flock Safety Bravo Edge AI Compute Device version BRAVO 00.00 local 20241017. Description: The Flock Safety Bravo Edge AI Compute Device allows attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader an...
CVE-2025-4371
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection...
CVE-2023-28386
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...
CVE-2023-26245
An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version e.g.,...
CVE-2019-10706
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to othe...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2021-40419
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
Realtek rtl819x Jungle SDK Data Forgery Issue Vulnerability
The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China's Realtek Semiconductor (Realtek). A data forgery vulnerability exists in Realtek rtl819x Jungle SDK version 3.4.11, which stems from a firmware update vulnerability in the boa formUpload function that can lead to...
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability...
Privilege escalation
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required; however, it can be bypassed...
Motorola MR2600 Security Vulnerability
The Motorola MR2600 is a wireless router from Motorola, USA. A security vulnerability exists in the Motorola MR2600 that stems from an arbitrary firmware upload vulnerability...
CVE-2024-23630 Motorola MR2600 Arbitrary Firmware Upload Vulnerability
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required; however, it can be bypassed...
Security feature bypass
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-34845
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
Robustel R1510 sysupgrade firmware update vulnerability
Talos Vulnerability Report TALOS-2022-1580: Robustel R1510 sysupgrade firmware update vulnerability. October 14, 2022. CVE Number: CVE-2022-34845. Summary: A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can...
Carrier LenelS2 HID Mercury access panels have an unspecified vulnerability
Carrier LenelS2 HID Mercury access panels are controller panels from Carrier, Inc. A security vulnerability exists in Carrier LenelS2 HID Mercury access panels, which stems from a vulnerable application that does not adequately authorize all restricted URLs, scripts or files. A remote attacker...