CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...

Lenovo ThinkPad 安全漏洞

Lenovo ThinkPad is a portable computer from Lenovo China. A security vulnerability exists in Lenovo ThinkPad that stems from a vulnerability that could allow a local attacker to elevate privileges by accessing the embedded UEFI shell...

PT-2024-38564 · Lenovo · Thinkpad L390 Yoga +1

Name of the Vulnerable Software and Affected Versions: ThinkPad L390 Yoga and 10w Notebook affected versions not specified Description: A potential issue was reported that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. This could potentially be used to...

Netgear WNR614 Security Vulnerability

The Netgear WNR614 is an N300 wireless router with external antenna from Netgear USA. A security vulnerability exists in the Netgear WNR614 version V1.1.0.541.0.1, which stems from the presence of insecure privileges that allow an attacker to access URLs and directories embedded in the firmware v...

Dell BIOS Security Vulnerability

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS. Attackers have exploited the vulnerability to cause a denial of service on the system...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

The vulnerability of the embedded software of NETGEAR routers such as R6400v2, R6700v3, R6900P, R7000, R7000P, RS400, and CBR40 arises from buffer overflow in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the embedded software of NETGEAR R6400v2, NETGEAR R6700v3, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR RS400, and NETGEAR CBR40 lies in buffer overflow in the stack. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code using a special...

The vulnerability of the embedded software of NETGEAR routers such as NETGEAR R6400, NETGEAR R6400v2, NETGEAR R6700v3, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR R8500, NETGEAR RAX15, NETGEAR RAX20, NETGEAR RAX35v2, NETGEAR RAX38v2, NETGEAR RAX40v2, NETGEAR RAX42, NETGEAR RAX43, NETGEAR RAX45, NETGEAR RAX48, NETGEAR RAX50, NETGEAR RAX50S, NETGEAR RS400, NETGEAR R7100LG, NETGEAR LAX20, NETGEAR CAX80, NETGEAR MR80, and NETGEAR MS80 lies in the insufficient validation of input data. This allows attackers to execute arbitrary code.

The vulnerability of the embedded software of NETGEAR routers such as NETGEAR R6400, NETGEAR R6400v2, NETGEAR R6700v3, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR R8500, NETGEAR RAX15, NETGEAR RAX20, NETGEAR RAX35v2, NETGEAR RAX38v2, NETGEAR RAX40v2, NETGEAR RAX42, NETGEAR RAX43, NETGE...

The vulnerability of the embedded software of NETGEAR routers such as D7800, DM200, EX2700, EX6150v2, EX6200v2, EX6250, EX6400, EX6400v2, EX6410, EX6420, EX7300, EX7300v2, EX7320, R7500v2, R7800, R8900, R9000, RAX120, WN3000RPv2, WN3000RPv3, WNR2000v5, XR500, RBK20, RBR20, RBS20, RBK40, RBR40, and RBS40 lies in the absence of measures to clean incoming data. This allows a malicious actor to execute arbitrary commands.

The vulnerability of NETGEAR’s integrated routing software, including models such as D7800, DM200, EX2700, EX6150v2, EX6200v2, EX6250, EX6400, EX6400v2, EX6410, EX6420, EX7300, EX7300v2, EX7320, R7500v2, R7800, R8900, R9000, RAX120, WN3000RPv2, WN3000RPv3, WNR2000v5, XR500, RBK20, RBR20, RBS20,...

Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper We present our approach and the findings of this work in the following research paper: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware PDF Nilo Redini, Aravind...

Linux Embedded Firmware Dynamic Analysis: FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components: modified kernels MIPS: v2.6.32 , ARM: v4.1 , v3.10 for instrumentation of firmware execution; a userspace NVRAM library to emulate a...