CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

142 matches found

RedhatCVE•added 2026/01/09 12:27 p.m.•5 views

CVE-2018-12258

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting...

7.2CVSS7AI score0.00049EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:26 p.m.•6 views

CVE-2018-12259

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise...

7.2CVSS7AI score0.00043EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:26 p.m.•8 views

CVE-2018-12323

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console...

7.2CVSS7.2AI score0.00043EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:26 p.m.•4 views

CVE-2018-12260

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...

6.7CVSS7.2AI score0.00066EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:24 p.m.•5 views

CVE-2018-12257

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in...

4.4CVSS6.9AI score0.00064EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 12:21 a.m.•3 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS7.1AI score0.00801EPSS

Exploits1References1

RedhatCVE•added 2025/11/20 12:21 a.m.•3 views

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

9.8CVSS7.1AI score0.00876EPSS

Exploits1References1

NVD•added 2025/11/19 4:15 p.m.•1 views

CVE-2025-63221

The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...

9.1CVSS0.0012EPSS

Exploits1References2

OSV•added 2025/11/19 4:15 p.m.•2 views

CVE-2025-63221

9.1CVSS5.9AI score0.0012EPSS

Exploits1References2

OSV•added 2025/11/19 3:15 p.m.•3 views

CVE-2025-63218

9.8CVSS5.8AI score0.00876EPSS

Exploits1References2

CNNVD•added 2025/11/19 12:0 a.m.•1 views

Axel StreamerMAX MK II 安全漏洞

Axel StreamerMAX MK II is an audio codec device from Axel Italy. A security vulnerability exists in the Axel StreamerMAX MK II versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a full crack of the device...

9.8CVSS6.8AI score0.00801EPSS

Exploits1References3

CNNVD•added 2025/11/19 12:0 a.m.•1 views

Axel WOLF1MS和Axel WOLF2MS 安全漏洞

Axel WOLF1MS and Axel WOLF2MS are both FM network monitoring devices from Axel Italy. A security vulnerability exists in Axel WOLF1MS and Axel WOLF2MS versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a complete crack ...

9.8CVSS6.8AI score0.00876EPSS

Exploits1References3

CNNVD•added 2025/11/19 12:0 a.m.•2 views

Axel PUMA 安全漏洞

Axel PUMA is an FM re-broadcast receiver and IP encoder device from Axel Italy. A security vulnerability exists in Axel PUMA versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a complete crack of the device...

9.1CVSS6.8AI score0.0012EPSS

Exploits1References3

CVE•added 2025/11/19 12:0 a.m.•18 views

CVE-2025-63223

The CVE-2025-63223 entry affects Axel Technology StreamerMAX MK II firmware versions 0.8.5–1.0.3. The root cause is Broken Access Control caused by missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, allowing unauthenticated remote attackers to list user accounts, create new administrat...

9.8CVSS6.7AI score0.00801EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/11/19 12:0 a.m.•3 views

PT-2025-47459

Name of the Vulnerable Software and Affected Versions Axel Technology WOLF1MS and WOLF2MS versions 0.8.5 through 1.0.3 Description The devices are subject to Broken Access Control because of a lack of authentication on the /cgi-bin/gstFcgi.fcgi API endpoint. This allows unauthenticated remote...

9.8CVSS7.1AI score0.00876EPSS

Exploits1References7