Lucene search
K

430 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:4 a.m.4 views

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

9CVSS7.1AI score0.02238EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 a.m.7 views

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

7.8CVSS7AI score0.01537EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:43 a.m.9 views

CVE-2017-18372

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the toolstime.asp page and can be exploited through the...

9CVSS7.2AI score0.21887EPSS
Exploits3References1
OSV
OSV
added 2025/05/05 9:15 a.m.5 views

CVE-2025-2905

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1CVSS6.7AI score
Exploits0References1
CVE
CVE
added 2025/05/05 9:2 a.m.193 views

CVE-2025-2905

The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...

9.1CVSS6.2AI score0.01146EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/03/06 7:57 p.m.6 views

CLSA-2025-1741291038 expat: Fix of CVE-2024-28757

CVE-2024-28757: Prevent billion laughs attacks in isolated external parser part of 839 Reject direct parameter entity recursion part of 839...

7.5CVSS6.7AI score0.02006EPSS
Exploits1References1
HackRead
HackRead
added 2025/02/21 9:26 p.m.11 views

Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange

In a major cybersecurity incident, Bybit, the world's 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from…...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/13 4:17 a.m.4 views

CVE-2025-1143

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

8.4CVSS7AI score0.00186EPSS
Exploits0References4
NVD
NVD
added 2025/02/11 4:15 a.m.10 views

CVE-2025-1143

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

8.4CVSS0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 3:17 a.m.14 views

CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

8.4CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 3:17 a.m.13 views

CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...

8.4CVSS8.5AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.6 views

Billion Electric M100、M150和M120N 信任管理问题漏洞

The Billion Electric M100, among others, is a wireless router from China-based Shengda Electric Billion Electric. The Billion Electric M100, M150, and M120N are vulnerable to a trust management issue vulnerability that stems from embedded Linux credentials that are hardcoded. An attacker could...

8.4CVSS6.9AI score0.00186EPSS
Exploits0References2
HackRead
HackRead
added 2025/02/03 1:24 p.m.16 views

How Builder.ai is Democratizing AI for the Next Billion Users

Dubai UAE, UAE, 3rd February 2025, CyberNewsWire...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.13 views

LangChain < 0.1.35 XXE

The version of LangChain installed on the remote host is prior to 0.1.35. It is, therefore, affected by a XML External Entity XXE vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity XXE exploitation. By nesting multiple layers o...

5.9CVSS6.1AI score0.0077EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/12/13 12:0 a.m.6 views

The vulnerability of the microprogrammed software of ZyXEL P660HN-T1A and Billion 5200W-T lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary code.

The vulnerability of the microprogrammed software of ZyXEL P660HN-T1A and Billion 5200W-T exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.94508EPSS
Exploits2References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.6 views

The vulnerability in the implementation of the SSH network protocol for the microprogramming-based software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows a hacker to execute arbitrary commands.

The vulnerability of the SSH network protocol implementation in the microprogramming-based software for industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...

9CVSS5.9AI score0.01093EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.10 views

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the absence of authentication for a critical function. This allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.

The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent...

9CVSS7.2AI score0.00463EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.27 views

The vulnerability of the microprogramming software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the ability to bypass authentication procedures by using an alternative path or channel. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 relates to the ability to bypass authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to...

7.8CVSS7.2AI score0.00534EPSS
Exploits0References4Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.10 views

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500, related to the storage of passwords in an open manner, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the storage of passwords in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access ...

9CVSS7.2AI score0.00608EPSS
Exploits0References5Affected Software4
NVD
NVD
added 2024/11/29 8:15 a.m.8 views

CVE-2024-11983

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device...

7.2CVSS0.01093EPSS
Exploits0References2
Rows per page
Query Builder