CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

CVE-2026-23759

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...

CVE-2026-23759 Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...

PT-2026-25903

Name of the Vulnerable Software and Affected Versions Perle IOLAN STS/SCS versions prior to 6.0 Description Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated operating system command injection through the restricted shell accessible via Telnet or...

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

EUVD-2025-208321

A denial-of-service DoS vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610...

Sony IP Cameras Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-7834)

SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC- EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC- ZP550, SNC-ZR550,...

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

CVE-2025-47904 Unsigned upgrade package

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

CVE-2026-27515 Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...

PT-2026-21285

Name of the Vulnerable Software and Affected Versions PROLiNK PRC2402M versions prior to 2021-06-13 Description The PROLiNK PRC2402M router firmware contains a flaw that allows for arbitrary OS command execution. The issue resides in the live api.cgi script when handling the page=satellite list...

CVE-2026-25872

JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying...

CVE-2026-25872 JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal

JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying...

CVE-2026-23699

AP180 series with firmware versions prior to APRGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

CVE-2026-23699

AP180 series with firmware versions prior to APRGOS 11.94B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices...

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...

CVE-2025-69425

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password TOTP secret and an embedded static token. An attacker who...

CVE-2023-31477

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...