Skyworth Router CM5100 Security Vulnerability
Skyworth Router CM5100 is a single-band router with N300 speed from Skyworth China. A security vulnerability exists in the Skyworth Router CM5100 version 4.1.1.24, which originates from storing sensitive information about USB and Wifi connected devices in plaintext...
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...
PT-2024-27904 · Microsoft · Azure Stack Hub
Name of the Vulnerable Software and Affected Versions: Azure Stack Hub affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Azure Stack Hub. There is no information provided about the estimated number of potentially affected devices...
D-Link Central WiFiManager SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' require 'digest' class MetasploitModule 'D-Link Central WiFiManager SQL injection', 'Description' = %q This module exploits a SQLi vulnerability found in...
PT-2024-11728 · Northern.Tech · Mender
Name of the Vulnerable Software and Affected Versions: Northern.tech Mender versions 3.3.x through 3.3.1 Northern.tech Mender versions 3.4.x through 3.4.0 Northern.tech Mender versions 3.5.x through 3.5.0 Northern.tech Mender versions 3.6.x through 3.6.0 Description: The issue is related to...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO, which arises from an encryption key for an application installed on the multifunction device becoming temporarily replaceable, which could allow tamperin...
Motorola Ready For Security Vulnerability
Motorola Ready For is a feature of Motorola USA Inc. It enhances the functionality of a cell phone by connecting it to any display or monitor. A security vulnerability exists in Motorola Ready For that stems from the presence of an implicit intent vulnerability that could allow a local attacke...
Matrix Synapse Information Disclosure Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. An information disclosure vulnerability exists in Matrix Synapse versions prior to 1.95.1, prior to 1.96.0rc1, which stems from the ability to query a remote user's cached device information from...
PT-2023-28988 · Synapse +2 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.95.1 and 1.96.0rc1 Description: Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to...
Siemens SINEMA Server Cross-Site Scripting Vulnerability
Siemens SINEMA Server is a software from Siemens, Germany, developed specifically for industrial applications. It enables you to fully visualize and monitor your network. A cross-site scripting vulnerability exists in Siemens SINEMA Server V14 due to an affected application incorrectly clearing...
CVE-2023-43134
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...
PT-2023-12887 · Cybozu · Cybozu Remote Service
Name of the Vulnerable Software and Affected Versions: Cybozu Remote Service version 3.1.2 Description: The issue is a path traversal vulnerability in the Importing Mobile Device Data component, allowing a remote authenticated attacker to cause a denial-of-service (DoS) condition. Recommendations:...
PT-2023-20357 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address,...
CVE-2023-33741
Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device...
CVE-2022-45139
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...
CVE-2022-45937
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, TALON TC Compact BACnet All versions V3.5.5, TALON TC...
PT-2022-25078 · Unknown · Devicemanagement
Name of the Vulnerable Software and Affected Versions: DeviceManagement versions prior to SMR Nov-2022 Release 1 Description: The issue is related to an improper access control vulnerability in the BootCompletedReceiver CMCC component of DeviceManagement. This vulnerability allows a local attacke...
The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a...
CVE-2022-29879
A vulnerability has been identified in SICAM T All versions V3.0. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information...
Siemens SICAM T Access Control Error Vulnerability
The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...