21 matches found
EUVD-2016-5037
Malware in sbrugna...
CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2022-20054
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083...
CVE-2021-31698
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectelhandlefumocfg input in atfwddaemon...
Linux Distros Unpatched Vulnerability : CVE-2024-22122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix allows to configure SMS notifications. AT command injection occurs on Zabbix Server because there is no validation of Number field on Web nor on Zabbix...
SUSE CVE-2024-22122
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
CVE-2024-22122
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
CVE-2024-22122
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
CVE-2024-22122
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
CVE-2024-22122 AT(GSM) Command Injection
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
CVE-2024-22122 AT(GSM) Command Injection
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem...
PT-2024-6098 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix versions 5.0.0 through 7.0.0rc2 Description: The issue is related to the configuration of SMS notifications in Zabbix, where an AT command injection occurs due to the lack of validation of the Number field. This allows an attacker to...
CVE-2023-38297
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup versionCode='3', versionName='2.1...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2023-38297
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup versionCode='3', versionName='2.1...
CVE-2023-38293
CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2022-20054
The CVE-2022-20054 issue affects the ims service, with a missing permission check enabling a possible AT command injection that could allow local escalation of privilege without additional execution privileges or user interaction. Affected context is MediaTek-based platforms (as per multiple sour...
CVE-2022-20054
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083...