Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/05/19 7:57 p.m.11 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS6.1AI score0.00296EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/07 2:44 p.m.81 views

Exploit for CVE-2026-40003

CVE-2026-40003 aka Joselito is arbitrary memory write vulnerabil...

5.1CVSS5.9AI score0.00296EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:15 a.m.7 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

5.1CVSS6.2AI score0.00296EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/07 1:15 a.m.13 views

EUVD-2026-28232

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

5.1CVSS6.2AI score0.00296EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

ZTE ZX297520V3 缓冲区错误漏洞

ZTE ZX297520V3 is an industrial-grade 4G module from ZTE Corporation. The ZTE ZX297520V3 has a buffer error vulnerability. This vulnerability stems from the lack of target address verification in the USB download mode, which may allow arbitrary memory writes. As a result, it can overwrite the...

6.8CVSS6.3AI score0.00296EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 12:39 a.m.5 views

EUVD-2026-8790

NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...

5.3CVSS6AI score0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.6 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS6.6AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.7 views

EUVD-2025-202625

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

6.1AI score0.0031EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 9:16 p.m.10 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 9:16 p.m.6 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.7 views

PT-2025-50496

Name of the Vulnerable Software and Affected Versions ESP32 affected versions not specified Description An enabled UART download mode on the ESP32 chip allows an attacker to extract sensitive data from the flash memory, including Wi-Fi network details stored in the NVS partition. This access also...

7.5CVSS6.2AI score0.0031EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.20 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

Meatmeet Pro BBQ Thermometer 安全漏洞

Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer that stems from an undisabled UART download mode, which could lead to the disclosure of sensitive information and malicious firmware flashing...

7.5CVSS6.3AI score0.0031EPSS
Exploits0References3
NVD
NVD
added 2025/09/25 9:15 p.m.4 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

5.4CVSS0.00217EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/25 12:0 a.m.4 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

6.3AI score0.00217EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/25 12:0 a.m.4 views

PT-2025-39453

Name of the Vulnerable Software and Affected Versions Flock Safety Bravo Edge AI Compute Device version BRAVO 00.00 local 20241017 Description The Flock Safety Bravo Edge AI Compute Device allows attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader an...

5.4CVSS6AI score0.00217EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/11/19 7:20 p.m.16 views

CVE-2018-9370

In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.0009EPSS
Exploits0References1
NVD
NVD
added 2023/07/17 4:15 p.m.30 views

CVE-2023-35818

An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...

6.8CVSS0.00198EPSS
Exploits0References2
OSV
OSV
added 2023/07/17 4:15 p.m.5 views

CVE-2023-35818

An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...

6.8CVSS5.8AI score0.00198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/17 4:15 p.m.4 views

CVE-2023-35818

An issue was discovered on Espressif ESP32 3.0 ESP32rev300 ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...

6.8CVSS5.5AI score0.00198EPSS
Exploits0References3
Rows per page
Query Builder