CVE-2022-24660

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext...

Information disclosure

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext...

CVE-2022-24660

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext...

CVE-2022-24660

CVE-2022-24660 affects Goldshell ASIC Miners (v2.2.1 and earlier). The root cause is a debug interface exposed publicly via the web interface, enabling attackers to access passwords and other sensitive information in plaintext. The CVE entry notes network attack potential with high impact to conf...

CVE-2021-44453

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands...

CVE-2021-44453

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands...

Design/Logic Flaw

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands...

CVE-2021-44453 mySCADA myPRO

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands...

CVE-2021-44453

Affected product: mySCADA myPRO (versions 8.20.0 and prior). Vulnerability: OS command injection via a vulnerable debug interface that includes a ping utility, allowing an attacker to inject arbitrary operating system commands through the interface. Impact (as stated): Remote code execution with ...

D-Link Dwr-932C E1 操作系统命令注入漏洞

The D-Link Dwr-932C E1 is a WiFi mobile modem router from China-based D-Link.A security vulnerability exists in the D-Link DWR-932C E1 firmware, which stems from an OS command injection in debugfcgi. An attacker could exploit this vulnerability to perform command injection via a crafted HTTP...

CVE-2021-3788

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

CVE-2021-3788

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

Hardcoded credentials

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

CVE-2021-3788

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

CVE-2021-3788

CVE-2021-3788 affects Motorola-branded Binatone Hubble Cameras. The issue is an exposed debug interface that could allow a user with physical access to gain unauthorized access to the device. The root cause is the exposed debugging endpoint/interface, leading to potential confidentiality, integri...

PT-2021-21897 · Motorola · Motorola-Branded Binatone Hubble Cameras

Name of the Vulnerable Software and Affected Versions: Motorola-branded Binatone Hubble Cameras affected versions not specified Description: An issue was found in Motorola-branded Binatone Hubble Cameras where an exposed debug interface could allow an attacker with physical access to gain...

openSUSE 15 Security Update : solo (openSUSE-SU-2021:1019-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1019-1 advisory. - The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey...

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection RDP can be degraded from RDP level 2 no access via debug interface to level 1 limited access via debug interface by injecting a fault during the boot phase...

Design/Logic Flaw

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...