CVE-2025-14304 ASRock, ASRockRack, ASRockInd｜Motherboard - Protection Mechanism Failure

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory...

EUVD-2025-203865

Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security feature...

MSI Motherboards 安全漏洞

MSI Motherboards are a line of motherboards from Taiwan, China-based Micro-Star MSI. A security vulnerability exists in MSI Motherboards that stems from not properly enabling the IOMMU, which could allow an unauthenticated physical attacker to read or write arbitrary physical memory before the...

CVE-2019-8900

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the...

CVE-2024-31151

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...

CVE-2024-28875

CVE-2024-28875 affects LevelOne WBR-6012. Talos confirms a hard-coded admin backdoor password and an undocumented user account, allowing admin-level access within the first 30 seconds after boot via the device’s web services. The hard-coded password is “@m!t2K1” and a reboot sequence may bypass t...

CVE-2024-32742

A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem...

CVE-2023-30354

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...

PT-2023-22650 · Shenzen Tenda Technology · Tenda Ip Camera Cp3

Name of the Vulnerable Software and Affected Versions: Shenzen Tenda Technology IP Camera CP3 version V11.10.00.2211041355 Description: The issue concerns physical access to U-Boot via the UART, where the Wi-Fi password is exposed, and a hardcoded boot password can be used for console access...

Honeywell Safety Manager 信任管理问题漏洞

Honeywell Safety Manager is Honeywell's for minimizing accidents, maximizing production uptime, reducing compliance costs and managing plant safety. A trust management issue vulnerability exists in Honeywell Safety Manager versions prior to R160.1, which stems from the fact that access to the boo...

Mitel 6900 SIP 安全漏洞

Mitel 6900 SIP is a 6900 SIP series IP phone from Mitel Canada. A security vulnerability exists in Mitel 6900 SIP. An attacker could exploit this vulnerability to bypass the restrictions of the Mitel 6900 Series IP Phone SIP via system boot to elevate its privileges...

CVE-2020-28331

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a...