137 matches found
EUVD-2026-9795
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
CVE-2026-28536 describes an authentication bypass in the device authentication module. The vulnerability allows an adjacent attacker with low complexity and no privileges to bypass authentication, impacting confidentiality, integrity, and availability (base score 9.6, CRITICAL). Affected product ...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
PT-2026-23411
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS device authentication module, which can be exploited by an attacker to compromise...
GHSA-R65X-2HQR-J5HF OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
Summary A paired node device could reconnect with spoofed platform/deviceFamily metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature. Affected Packages / Versions - Package:...
CVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint...
EUVD-2025-206287
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint...
CVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint...
CVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint...
CVE-2025-13455
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint...
CVE-2025-13455
CVE-2025-13455 describes a vulnerability in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. Affected software: ThinkPlus configuration software. The root cause details are not specified in ...
CVE-2021-47740
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...
CVE-2021-47740 KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...
CVE-2021-47740
CVE-2021-47740 affects KZTech JT3500V 4G LTE CPE 2.0.1. The issue is a session management vulnerability where the device accepts and reuses old session credentials without proper expiration, due to weak session handling. Impact stated in sources includes unauthorized access and potential compromi...
PT-2025-54421
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms...