Lucene search
+L

173 matches found

cnnvd
cnnvd
added 2025/06/24 12:0 a.m.5 views

Advantech多款产品 安全漏洞

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A code execution vulnerability exists in multiple Advantech products, which can be exploited by attackers to inject or modify firmware via the JTAG interface...

6.4CVSS6.2AI score0.00164EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/06/23 12:0 a.m.6 views

PT-2025-26680 · Advantech +1 · Advantech Wireless Sensing/Equipment +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows an attacker with physical access to the JTAG interface to inject or modify firmware. This could be achieved through successful exploitation of the vulnerability, potentially...

6.4CVSS5.9AI score0.00164EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 5:34 a.m.4 views

CVE-2023-35841

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0...

7.8CVSS6.7AI score0.00372EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 4:18 a.m.6 views

CVE-2023-41921

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

9.8CVSS7.5AI score0.00253EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 3:17 a.m.5 views

CVE-2023-23120

The use of the cyclic redundancy check CRC algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle MITM attack to modify the new...

5.9CVSS6.8AI score0.00268EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 2:38 a.m.4 views

CVE-2023-23110

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the...

7.4CVSS6.8AI score0.00574EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:7 a.m.13 views

CVE-2022-46424

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM Man-in-the-Middle attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or...

8.1CVSS8AI score0.0084EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:15 p.m.8 views

CVE-2022-38955

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the...

7.5CVSS7AI score0.00302EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:29 p.m.12 views

CVE-2021-3971

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable...

6.7CVSS7.1AI score0.0129EPSS
Exploits0References1
nvd
nvd
added 2025/05/01 1:15 p.m.7 views

CVE-2025-23158

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, emptyspace will be...

7.8CVSS0.00185EPSS
Exploits0References11
osv
osv
added 2025/05/01 1:15 p.m.6 views

UBUNTU-CVE-2025-23158

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, emptyspace will be...

7.8CVSS6.2AI score0.00185EPSS
Exploits0References41
cve
cve
added 2025/05/01 12:55 p.m.129 views

CVE-2025-23158

The CVE-2025-23158 vulnerability affects the Linux kernel media: venus: hfi queue handling, where a firmware-modified large qsize can cause an OOB write when a new_wr_idx is not validated. The issue originates in reading/writing the shared queue (qhdr->q_size) and can lead to an out-of-bounds ...

7.8CVSS6.6AI score0.00185EPSS
Exploits0References11Affected Software1
cnnvd
cnnvd
added 2025/03/10 12:0 a.m.3 views

GE Vernova UR IED 数据伪造问题漏洞

The GE Vernova UR IED is a series of protective relays from GE Vernova, USA. A data forgery issue vulnerability exists in the GE Vernova UR IED that stems from insufficient validation of data authenticity and could result in the installation of modified firmware...

6.1CVSS6.8AI score0.0017EPSS
Exploits0References3
nvd
nvd
added 2025/02/28 4:15 p.m.14 views

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

6.8CVSS0.00208EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/28 12:0 a.m.7 views

Minut M2 安全漏洞

Minut M2 is an outdoor sensor from Minut. A security vulnerability exists in Minut M2 version 15142, which originates from internal flash encryption key extraction and could lead to a physical neighbor attacker injecting modifications to the firmware...

6.8CVSS6.4AI score0.00208EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/13 11:48 a.m.16 views

CVE-2025-26408

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...

6.1CVSS6.6AI score0.00288EPSS
Exploits1References1
cve
cve
added 2025/02/11 9:14 a.m.689 views

CVE-2025-26408

CVE-2025-26408 affects Wattsense Bridge devices where the JTAG interface is unprotected and accessible via physical access to the PCB, granting full device access (extract/modify firmware) across all known versions. Root cause per SEC Consult/PacketStorm analysis is an unprotected JTAG interface ...

6.1CVSS6.2AI score0.00288EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/02/11 9:14 a.m.12 views

CVE-2025-26408 Unprotected JTAG Interface

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...

6.3AI score0.00288EPSS
Exploits1References2
cvelist
cvelist
added 2025/02/11 9:14 a.m.31 views

CVE-2025-26408 Unprotected JTAG Interface

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...

0.00288EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/02/11 12:0 a.m.5 views

Wattsense Bridge 安全漏洞

Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. A security vulnerability exists in Wattsense Bridge. An attacker exploiting this vulnerability could extract information, modify and debug the device's firmware...

6.1CVSS9.1AI score0.00288EPSS
Exploits1References2
Rows per page
Query Builder