30 matches found
PT-2026-25916
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...
EUVD-2018-4147
Malware in sbrugna...
EUVD-2018-20826
Malware in sbrugna...
EUVD-2013-4650
Malware in sbrugna...
EUVD-2021-19798
Malware in sbrugna...
CVE-2019-13549
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...
CVE-2019-3998
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46702)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46702 advisory. - In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged...
CVE-2022-26845
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access...
CVE-2024-46702
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another...
CVE-2024-46702 thunderbolt: Mark XDomain as unplugged when router is removed
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another...
CVE-2023-32222 D-Link DSL-G256DG firmware version vBZ_1.00.27 Authentication Bypass
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method...
CVE-2022-21794
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access...
Intel NUC Authorization Issue Vulnerability
The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in Intel(R) NUC Boards, Intel(R) NUC Kits MYi30060 prior versions, which stems from incorrect BIOS firmware authentication. An attacker could exploit the vulnerability to escalate privileges...
Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...
CVE-2020-10916
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P120191213-rel60361 Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechani...
CVE-2019-10706
Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to othe...
Firmware Authentication Bypass - US
Lenovo Security Advisory: LEN-23849 Potential Impact: Escalation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: No CVE Summary Description: Intel has reported a potential security vulnerability allowing an attacker with physical access to bypass firmware authentication...
CVE-2018-12169
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypas...
CVE-2016-6567 SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices
SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executi...