33 matches found
EUVD-2026-26379
A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...
Advantech SUSI Security Vulnerability
Advantech SUSI is a set of embedded system interface management tools from Advantech, Taiwan, China. A security vulnerability exists in Advantech SUSI 5.0.24335 and prior versions, which stems from improper access control and could lead to elevation of privilege and arbitrary code execution...
[SECURITY] [DLA 4320-1] u-boot security update
Debian LTS Advisory DLA-4320-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert October 01, 2025 https://wiki.debian.org/LTS Package : u-boot Version : 2021.01+dfsg-5+deb11u2 CVE ID : CVE-2021-27097 CVE-2021-27138 Debian Bug : 983269 983270 Multiple vulnerabilities...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. Designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. A denial of service vulnerability exists in the Cesanta MJS mjsarraylength function,...
Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2023-1725 Weston Embedded uC-HTTP HTTP Server out-of-bounds write vulnerability November 14, 2023 CVE Number CVE-2023-24585 SUMMARY An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafte...
CVE-2023-25185
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating syst...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...
Cesanta MJS Security Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...
NVIDIA Jetson Permissions, Privileges, and Access Control Vulnerability
NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. A permissions and access control vulnerability exists in various pieces of NVIDIA Jetson software, which arises from unauthorized modification of camera resources. An attacker could exploit this...
CVE-2021-21552
Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the...
GE Grid Solutions UR Security Vulnerability
GE Grid Solutions UR is an embedded operating system from GE Grid Solutions, France. It provides high-performance protection, scalable I/O, integrated monitoring and metering, high-speed communications, and extensive programming and configuration capabilities. A security vulnerability exists in G...
Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server
Kelly Leuschner of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in Micrium uc-HTTP’s HTTP server that could cause denial-of-service conditions. An attacker could trigger these vulnerabilities by targeting the user machine...
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4449)
Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
ALEOS Mismanagement of Privileges Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. ALEOS versions prior to 4.11.0, 4.9.4, and 4.4.9 contain a mismanagement of privileges vulnerability that can be exploited by an authenticated attacker to elevate privileges to root via a command she...
Reverse Engineering the Tesla Firmware Update Process
TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks' work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...
Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25702)
Wind River Systems VxWorks is an embedded real-time operating system RTOS from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. An attacker could exploit this vulnerability by sending a reverse ARP response to an affected system to assign a unicast IPv...
Remote Command Execution Vulnerability in iGuardian Security Guardian
iGuardian is a router-based application embedded in the Linux operating system, with Snort, an intrusion detection system, as an embedded command-and-control system. A remote command execution vulnerability exists in the iGuardian Security/apps/login.php file. This allows an attacker to remotely...
Security Update for Windows Embedded 8 Standard for x64-based Systems (KB3168965)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Open Smart Grid Protocol Homegrown Crypto Weaknesses
In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide. And like its SCADA, industrial control system, and embedded system brethren, it’s rife with security issues. Two researchers, Phillip...
With Misfortune-Cookies-doom cookies to ROM-0 Bug patch-vulnerability warning-the black bar safety net
This article is just for fun, especially to those who like to adjust the system's embedded hack. So this is not a legitimate fix ROM-0 Bugs means fun is by one bug to fix another bug. Let's open the beginning to find our fun. As I an article the Misfortune Cookie decryption of the write, we can be...