CVE-2026-20431
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
CVE-2025-8393
A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentia...
CVE-2023-21452
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device...
Motorola Ready For Security Vulnerability
Motorola Ready For is a feature of Motorola USA Inc. It enhances the functionality of a cell phone by connecting it to any display or monitor. A security vulnerability exists in Motorola Ready For that stems from the presence of an implicit intent vulnerability that could allow a local attacke...
Connected IO Operating System Command Injection Vulnerability
Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a command injection vulnerability in the set firewall command in t...
CVE-2023-2686
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack...
Rockwell Automation Modbus TCP AOI Information Disclosure Vulnerability
Rockwell Automation Modbus TCP AOI is a Modbus server from Rockwell USA. An information disclosure vulnerability exists in the Rockwell Automation Modbus TCP AOI, which can be exploited by an attacker to read the Modbus TCP server AOI information of a connected device...
PT-2023-18220 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth versions prior to SMR Mar-2023 Release 1 Description: The issue is related to the improper usage of implicit intent in Bluetooth, allowing an attacker to obtain the MAC address of a connected device. Recommendations: For Bluetooth...
CVE-2022-20347
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-33722
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address...
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app wa...
CVE-2020-12863
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083...
Cybersecurity best practices to implement highly secured devices
Almost three years ago, we published The Seven Properties of Highly Secured Devices, which introduced a new standard for IoT security and argued, based on an analysis of best-in-class devices, that seven properties must be present on every standalone device that connects to the internet in order ...
Unspecified Vulnerability in Siemens SINEMA Remote Connect Server
Siemens SINEMA Remote Connect Server is a server application. SINEMA Remote Connect allows users to access remote equipment or machines so that maintenance can be performed easily and safely. An unspecified vulnerability exists in Siemens SINEMA Remote Connect Server. An attacker with...
Orange AirBox Information Disclosure Vulnerability
Orange AirBox is a portable wireless router product from Orange Luxembourg. A security vulnerability exists in goform/getWlanClientInfo in Orange AirBox version Y858FL01.1604. A remote attacker can exploit the vulnerability to obtain information about the currently connected device hostname, IP...