
30 matches found

NVD
added 2026/06/12 7:16 p.m. · 13 views

CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1 CVSS · 0.00171 EPSS
Exploits 0 · References 2

CVE
added 2026/06/09 6:9 p.m. · 18 views

CVE-2026-10045

The CVE-2026-10045 entry affects Shenzhen Kangda Xin Intelligent Network Technology Co. router model DR300 (firmware version 2.1.2.121). The device reportedly ships with hardcoded login credentials and has Telnet enabled by default on both WAN and LAN interfaces, enabling remote read/write of mem...

9.8 CVSS · 5.5 AI score · 0.00209 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/06/04 12:13 p.m. · 9 views

CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of a hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

8.7 CVSS · 5.8 AI score · 0.00344 EPSS
Exploits 0 · References 2

Cvelist
added 2026/02/24 3:5 p.m. · 18 views

CVE-2026-27516 Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

8.6 CVSS · 0.00179 EPSS
Exploits 0 · References 2

RedhatCVE
added 2026/02/04 7:27 p.m. · 6 views

CVE-2026-24441

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...

8.2 CVSS · 5.5 AI score · 0.00207 EPSS
Exploits 0 · References 1

CVE
added 2026/01/26 5:40 p.m. · 15 views

CVE-2026-24437

CVE-2026-24437 affects Shenzhen Tenda W30E V2 firmware up to version 16.01.0.19(5037). The root cause is missing cache-control directives on pages serving sensitive administrative content, enabling browsers to cache credential-bearing responses and potentially expose them to subsequent unauthoriz...

5.5 CVSS · 5.9 AI score · 0.00154 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2026/01/09 11:15 a.m. · 3 views

CVE-2021-0166

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7 CVSS · 7 AI score · 0.00293 EPSS
Exploits 0 · References 1

Cvelist
added 2026/01/07 8:2 p.m. · 23 views

CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

7.1 CVSS · 0.00144 EPSS
Exploits 0 · References 2

CVE
added 2025/12/10 12:0 a.m. · 18 views

CVE-2025-65823

CVE-2025-65823 affects the Meatmeet Pro device. The firmware reportedly ships with hardcoded Wi‑Fi credentials from its test network, enabling an attacker who obtains these credentials to gain unauthorized access to the vendor’s Wi‑Fi network. Additionally, a nearby attacker during initial setup ...

9.8 CVSS · 6.3 AI score · 0.00365 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/11/27 3:3 p.m. · 7 views

CVE-2025-63729

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...

9 CVSS · 6.9 AI score · 0.00079 EPSS
Exploits 1 · References 1

NVD
added 2025/11/25 5:15 p.m. · 4 views

CVE-2025-63729

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...

9 CVSS · 0.00079 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/11/25 12:0 a.m. · 2 views

CVE-2025-63729

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO3.7L3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder...

6.6 AI score · 0.00079 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/31 5:55 a.m. · 6 views

EUVD-2025-37302

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication...

6.9 CVSS · 6.2 AI score · 0.00296 EPSS
Exploits 0 · References 4

Cvelist
added 2025/10/31 5:55 a.m. · 8 views

CVE-2025-58152

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication...

6.9 CVSS · 0.00296 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/10/06 4:8 p.m. · 5 views

CVE-2025-0038

In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality...

6.6 CVSS · 6.5 AI score · 0.00115 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 1:0 p.m. · 9 views

CVE-2018-11942

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure an...

5.5 CVSS · 7.3 AI score · 0.00192 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:3 a.m. · 4 views

CVE-2017-8222

Wireless IP Camera P2P WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information...

7.5 CVSS · 7.7 AI score · 0.04223 EPSS
Exploits 3 · References 1

RedhatCVE
added 2025/02/15 4:23 p.m. · 8 views

CVE-2024-12012

A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...

5.7 CVSS · 7.1 AI score · 0.00353 EPSS
Exploits 0 · References 1

OSV
added 2024/03/18 2:15 p.m. · 3 views

CVE-2024-27774

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Positive Technologies
added 2024/03/18 12:0 a.m. · 5 views

PT-2024-2275 · Unitronics · Unistream +2

Name of the Vulnerable Software and Affected Versions: Unitronics Unistream Unilogic versions prior to 1.35.227
Description: The issue is related to the use of hard-coded passwords, which may allow an attacker to disclose sensitive information embedded inside the device's firmware. This could...

7.5 CVSS · 6.7 AI score · 0.00431 EPSS
Exploits 0 · References 8