28 matches found
CVE-2026-40003
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...
Exploit for CVE-2026-40003
CVE-2026-40003 aka Joselito is arbitrary memory write vulnerabil...
CVE-2026-40003
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...
EUVD-2026-28232
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...
ZTE ZX297520V3 缓冲区错误漏洞
ZTE ZX297520V3 is an industrial-grade 4G module from ZTE Corporation. The ZTE ZX297520V3 has a buffer error vulnerability. This vulnerability stems from the lack of target address verification in the USB download mode, which may allow arbitrary memory writes. As a result, it can overwrite the...
EUVD-2026-8790
NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
EUVD-2025-202625
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
PT-2025-50496
Name of the Vulnerable Software and Affected Versions ESP32 affected versions not specified Description An enabled UART download mode on the ESP32 chip allows an attacker to extract sensitive data from the flash memory, including Wi-Fi network details stored in the NVS partition. This access also...
CVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...
Meatmeet Pro BBQ Thermometer 安全漏洞
Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer that stems from an undisabled UART download mode, which could lead to the disclosure of sensitive information and malicious firmware flashing...
CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...
CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...
PT-2025-39453
Name of the Vulnerable Software and Affected Versions Flock Safety Bravo Edge AI Compute Device version BRAVO 00.00 local 20241017 Description The Flock Safety Bravo Edge AI Compute Device allows attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader an...
CVE-2018-9370
In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...