Lucene search
+L

2627 matches found

euvd
euvd
added 3 days ago3 views

EUVD-2026-43542

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS6.9AI score0.00096EPSS
Exploits0References2
nvd
nvd
added 4 days ago4 views

CVE-2026-15680

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS0.0026EPSS
Exploits0References1
cve
cve
added 4 days ago10 views

CVE-2026-15683

Affected product/area: Lorex 2K Indoor Wi‑Fi Security Camera – Device Management Server. Vulnerability: Improper certificate validation in the device management functionality. The flaw stems from lack of proper validation of the server’s certificate, enabling network‑adjacent attackers to execute...

7.5CVSS6.9AI score0.00096EPSS
Exploits0References1
nvd
nvd
added 2026/07/02 3:17 p.m.12 views

CVE-2026-54409

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

8.1CVSS0.00254EPSS
Exploits0References1
cve
cve
added 2026/07/02 2:49 p.m.13 views

CVE-2026-54409

Summary of CVE-2026-54409 : A network-accessible vulnerability in the UniFi Protect Application, described as an Improper Initialization flaw, could allow a attacker to bypass authentication on UniFi Protect Cameras under certain conditions. Affected components are the UniFi Protect Application a...

8.1CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/07/02 2:49 p.m.33 views

CVE-2026-54409

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

7.5CVSS0.00254EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/02 2:49 p.m.14 views

CVE-2026-54409

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 2:49 p.m.8 views

EUVD-2026-41382

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.10 views

PT-2026-55245

Name of the Vulnerable Software and Affected Versions UniFi Protect Application affected versions not specified Description An Improper Initialization issue exists in the UniFi Protect Application. A malicious actor with network access could exploit this flaw under certain conditions to bypass...

8.1CVSS6.1AI score0.00254EPSS
Exploits0References3
nvd
nvd
added 2026/07/01 5:16 p.m.10 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
cve
cve
added 2026/07/01 3:36 p.m.25 views

CVE-2026-58454

Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/01 3:36 p.m.8 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/07/01 3:33 p.m.33 views

CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS0.0169EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 3:31 p.m.8 views

EUVD-2026-41048

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS6.4AI score0.02422EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/01 3:31 p.m.8 views

CVE-2026-58452

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS6.4AI score0.02422EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/07/01 3:31 p.m.35 views

CVE-2026-58452 JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
thn
thn
added 2026/06/30 5:45 p.m.14 views

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the...

6.5AI score
Exploits0
euvd
euvd
added 2026/06/27 12:30 a.m.7 views

EUVD-2026-39926

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References4
euvd
euvd
added 2026/06/27 12:30 a.m.8 views

EUVD-2026-39927

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS5.9AI score0.004EPSS
Exploits0References4
nvd
nvd
added 2026/06/26 11:17 p.m.20 views

CVE-2026-55975

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS0.00653EPSS
Exploits0References3
Rows per page
Query Builder