29 matches found
CVE-2025-65825
The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...
EUVD-2025-202615
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-65829
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-65825
The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...
PT-2025-50500
Name of the Vulnerable Software and Affected Versions Meatmeet affected versions not specified Description The firmware on the Meatmeet basestation is not encrypted. An attacker with physical access can retrieve the firmware dump via UART, potentially discovering credentials for current and...
CVE-2025-65829
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-65825
The CVE-2025-65825 entry affects Meatmeet basestation firmware where the firmware image is not encrypted. The root cause is unencrypted firmware dumping via UART after physical access, enabling an attacker to extract the firmware and access credentials stored in the NVS partition for current and ...
CVE-2025-65829
The CVE concerns the ESP32 SoC used in Meatmeet basestation devices, where Secure Boot is absent. This breaks the chain of trust during the Application Startup Flow, allowing a physically proximate attacker to flash modified firmware and cause code execution at startup. The available connected do...
PT-2025-50537
Name of the Vulnerable Software and Affected Versions Meatmeet basestation devices with ESP32 system on a chip affected versions not specified Description The ESP32 system on a chip used in Meatmeet basestation devices lacks Secure Boot functionality. Secure Boot verifies the authenticity of...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2019-13556
Malware in sbrugna...
EUVD-2019-13557
Malware in sbrugna...
CVE-2019-3949
Arlo Basestation firmware 1.12.0.127940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device...
CVE-2019-3950
Arlo Basestation firmware 1.12.0.127940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to...
Seaglider Basestation Software 安全漏洞
Seaglider Basestation Software is a Seaglider basestation from iop-apl-uw open source. A security vulnerability exists in Seaglider Basestation Software 3 3.0.4 and earlier versions, which stems from improper handling of the qcfile parameter in the file basestation3/qc.py, which could lead to a...