30 matches found

Github Security Blog
added 2026/02/02 11:41 p.m. | 5 views

OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

Summary: The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker ca...

8.8 CVSS | 6.2 AI score | 0.00121 EPSS
Exploits: 5 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/12/11 5:3 a.m. | 3 views

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

9.8 CVSS | 6.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/11 5:3 a.m. | 4 views

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

9.8 CVSS | 6.6 AI score | 0.00045 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/12/10 9:31 p.m. | 1 views

EUVD-2025-202623

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

6.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 3
OSV
added 2025/12/10 9:16 p.m. | 1 views

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

9.8 CVSS | 5.6 AI score
Exploits: 0 | References: 2
OSV
added 2025/12/10 9:16 p.m. | 2 views

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

9.8 CVSS | 5.7 AI score
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/10 12:0 a.m. | 1 views

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

6.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 2
CVE
added 2025/12/10 12:0 a.m. | 9 views

CVE-2025-65823

CVE-2025-65823 affects the Meatmeet Pro device. The firmware reportedly ships with hardcoded Wi‑Fi credentials from its test network, enabling an attacker who obtains these credentials to gain unauthorized access to the vendor’s Wi‑Fi network. Additionally, a nearby attacker during initial setup ...

9.8 CVSS | 6.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/12/10 12:0 a.m. | 16 views

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

0.00045 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/12/10 12:0 a.m. | 16 views

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

0.00071 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/10 12:0 a.m. | 2 views

PT-2025-50498

Name of the Vulnerable Software and Affected Versions: Meatmeet Pro (affected versions not specified). Description: The Meatmeet Pro device was shipped with hardcoded Wi-Fi credentials intended for its test network. An attacker obtaining these credentials and locating the vendor’s Wi-Fi network could...

9.8 CVSS | 6.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-26125

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/22 2:7 p.m. | 2 views

CVE-2009-10006 UFO: Alien Invasion <= 2.2.1 IRC Client Buffer Overflow

UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply specifically a 001 message, the application fails to properly validate the length of...

9.3 CVSS | 7.6 AI score | 0.5667 EPSS
Exploits: 0 | References: 6
Talos Blog
added 2025/08/21 6:0 p.m. | 4 views

Cherry pie, Douglas firs and the last trip of the summer

Welcome to this week's edition of the Threat Source newsletter. Diane, 2:01 p.m., August 21st. I've just returned from a remarkable journey through Seattle and the misty roads of the Olympic Peninsula. If you ever find yourself driving beneath those towering Douglas firs or dragged by your partne...

10 CVSS | 9.8 AI score | 0.92901 EPSS
Exploits: 2
RedhatCVE
added 2025/05/22 6:10 p.m. | 4 views

CVE-2021-39768

In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

7.8 CVSS | 7 AI score | 0.00015 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/07/09 12:0 a.m. | 1 views

Longse NVR Security Vulnerability

Longse NVR is a series of network video recorders from China-based Longse Technology Longse. A security vulnerability exists in Longse NVR, which stems from the fact that the product creates a WiFi network with a default password, which is likely to remain unchanged as cameras in the same suite...

6 CVSS | 6.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 4
OSV
added 2022/03/30 4:15 p.m. | 1 views

CVE-2021-39768

In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

7.8 CVSS | 5.9 AI score
Exploits: 0 | References: 1
Prion
added 2022/03/30 4:15 p.m. | 16 views

Design/Logic Flaw

In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

4.4 CVSS | 7.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/30 4:2 p.m. | 18 views

CVE-2021-39768

In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

8.1 AI score | 0.00015 EPSS
Exploits: 0 | References: 1
CNNVD
added 2022/03/30 12:0 a.m. | 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking in the settings, which can be exploited by an attacker to add automatic connections to WiFi networks without the user's...

7.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 2