33 matches found
PT-2026-25916
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...
EUVD-2021-19798
Malware in sbrugna...
EUVD-2018-20826
Malware in sbrugna...
EUVD-2013-4650
Malware in sbrugna...
EUVD-2018-4147
Malware in sbrugna...
CVE-2019-13549
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...
CVE-2019-3998
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to...
A vulnerability in the TP-Link Archer c20 router firmware, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
A vulnerability in the TP-Link Archer c20 router firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by adding the parameter “Referer: http://tplinkwifi.net” to the...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46702)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46702 advisory. - In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged...
CVE-2022-26845
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access...
CVE-2024-46702
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another...
CVE-2024-46702 thunderbolt: Mark XDomain as unplugged when router is removed
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another...
A vulnerability in the Netgear WNR614 N300 Wi-Fi router firmware, related to deficiencies in authentication procedures, allows intruders to create arbitrary passwords.
A vulnerability in the Netgear WNR614 N300 Wi-Fi router firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a remote attacker to create arbitrary passwords...
CVE-2023-32222 D-Link DSL-G256DG firmware version vBZ_1.00.27 Authentication Bypass
D-Link DSL-G256DG version vBZ1.00.27 web management interface allows authentication bypass via an unspecified method...
CVE-2022-21794
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access...
Intel NUC Authorization Issue Vulnerability
The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in Intel(R) NUC Boards, Intel(R) NUC Kits MYi30060 prior versions, which stems from incorrect BIOS firmware authentication. An attacker could exploit the vulnerability to escalate privileges...
A vulnerability in Intel SSD firmware is related to implementation errors in authentication procedures. This allows attackers to carry out “man-in-the-middle” attacks and disclose sensitive information.
A vulnerability in Intel SSD firmware is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow attackers to carry out a “man-in-the-middle” attack and expose the protected information...
Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...
CVE-2020-10916
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P120191213-rel60361 Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechani...
CVE-2019-10706
Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to othe...