CVE-2026-33779 Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication,...

CVE-2025-15557

CVE-2025-15557 is an improper certificate validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1. An on-path attacker on the same network segment can intercept and modify encrypted device–to–cloud communications, compromising confidentiality and integrity of device data and operations....

PT-2026-6601

Name of the Vulnerable Software and Affected Versions TP-Link Tapo H100 version 1 TP-Link Tapo P100 version 1 Description An improper certificate validation issue exists in the software. An attacker on the same network segment can intercept and modify encrypted communications between the device a...

CVE-2025-36751 Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVE-2025-36751

CVE-2025-36751 affects Growatt ShineLan-X and MIC 3300TL-X. The root cause is missing encryption on the configuration interface, enabling an attacker with network access to intercept and potentially manipulate the communication between the inverter and its cloud endpoint. The available connected ...

PT-2025-51100

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...

DLL Hijacking Vulnerability in 263 Cloud Communications PC Client Software

263 cloud communication is the first enterprise instant messaging tool based on intelligent mobile terminals, from pc client to mobile terminal extension, to meet the needs of users at any time with the news. 263 cloud communication pc client software DLL hijacking vulnerability, the attacker can...