23 matches found
EUVD-2025-202622
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air OTA firmware upgrade using Bluetooth Low Energy BLE, resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades,...
CVE-2025-65824
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air OTA firmware upgrade using Bluetooth Low Energy BLE, resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades,...
CVE-2025-65824
The CVE describes an unauthenticated proximity attack against the Meatmeet device where an adversary can perform an unauthorized OTA firmware upgrade over BLE. The upgrade mechanism does not verify authenticity, allowing the attacker to overwrite the device firmware with their code and trigger Re...
EUVD-2021-22611
Malware in sbrugna...
EUVD-2023-26520
Malicious code in bioql PyPI...
EUVD-2023-29325
Malicious code in bioql PyPI...
CVE-2023-25368
Siglent SDS 1104X-E SDS1xx4X-EV6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmware...
CVE-2023-22357
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the...
CVE-2021-35978
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
PT-2023-20038 · Siglent · Siglent Sds 1104X-E
Name of the Vulnerable Software and Affected Versions: Siglent SDS 1104X-E SDS1xx4X-E version V6.1.37R9.ADS Description: The issue concerns Incorrect Access Control, allowing an unauthenticated attacker to overwrite firmware. Recommendations: For Siglent SDS 1104X-E SDS1xx4X-E version...
Active debug code vulnerability in OMRON CP1L-EL20DR-D
Overview Active debug code CWE-489 exists in CP1L-EL20DR-D provided by OMRON Corporation, which may lead to a command that is not specified in FINS protocol being executed without authentication. Georgy Kiguradze of Positive Technologies reported this vulnerability to JPCERT/CC. JPCERT/CC...
Command injection
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker with knowledge of the protocol to execute arbitrary code on the controller including overwriting firmware, adding/removing...
Moxa Won't Patch Publicly Disclosed Flaws Until August
Update A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team ICS-CERT. Researcher Joakim Kennedy of Rapid7 disclosed in March some...
Karsten Nohl BadUSB Patch Fall Short of a Fix
Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem. The attack code and subsequent patch are a response to the BadUSB research released during Black Hat this summer, yet, the fix...
D-Link VoIP Phone Adapter - XSS/CSRF Remote Firmware Overwrite
No description provided by source. D-link VoIP Phone Adapter XSS and XSRF remote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. html form action=http://10.1.1.166/Forms/cbiSetSWUpdate?16640,0,0,0,0,0,0,0,0 method=PO...