CVE-2025-4338

Lantronix Device installer is vulnerable to XML external entity XXE attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...

CVE-2020-10095

Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device...

Command injection

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

Unauthorized Access Vulnerability in ELYCN Recording and Broadcasting Platform of Zhejiang Dahua Technology Co.(CNVD-2021-15563)

DAHUA is a leading video-based intelligent IOT solution provider and operation service provider in the world. An unauthorized access vulnerability exists in the ELYCN recording and broadcasting platform of Zhejiang Dahua Technology Company Limited, which can be exploited by attackers to modify...