Shelly com.home.shelly 安全漏洞

Shelly com.home.shelly is a firmware program from Shelly, Inc. A security vulnerability exists in Shelly com.home.shelly version 1.0.4, which stems from a contained vulnerability that allows remote attackers to obtain sensitive information through the firmware update process...

CVE-2024-8891

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4...

CVE-2024-8890

An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being establish...

CVE-2024-8888

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

CVE-2024-8888 Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

CVE-2024-8887

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service DoS attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow...

CVE-2024-8887 Authentication bypass vulnerability on CIRCUTOR Q-SMT

CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service DoS attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow...

Juplink RX4-1500 Command Injection Vulnerability

Juplink RX4-1500 is a wireless router from Juplink. A security vulnerability exists in the Juplink RX4-1500 Wifi router that stems from a command injection vulnerability in the homemng.htm endpoint. An attacker can exploit the vulnerability by sending a specially crafted HTTP request to execute...

CVE-2023-29711

An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request...

CVE-2023-30257

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root...