CVE-2024-41885 Hardcoding sensitive information

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

CVE-2024-41885

CVE-2024-41885 affects the NVR. The root cause is a hardcoded seed for the encryption key, enabling remote code execution when combined with required local access. Vendor has issued a patch firmware; see the manufacturer report for details and workarounds. Current metrics indicate local attack ve...

CVE-2024-41886 Improper Input Validation

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...

PT-2024-29618 · Nvr · Nvr

Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A flaw has been discovered that allows for remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt...

Rittal IoT Interface & CMC III Processing Unit 安全漏洞

The Rittal IoT Interface & CMC III Processing Unit is a key component of Rittal Germany's Smart Networking of Sensors for monitoring physical environmental conditions. A security vulnerability exists in the Rittal IoT Interface & CMC III Processing Unit prior to version 6.21.00.2, which stems fro...

CVE-2023-42133

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version...

CVE-2023-42133

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version...

CVE-2023-42133

The CVE-2023-42133 issue affects PAX Android based POS devices. The vulnerability allows escalation of privilege via improperly configured scripts in the PayDroid runtime, requiring shell access with system account privileges to exploit. A firmware patch addressing this vulnerability is included ...

Millbeck Communications Proroute H685t-w

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Millbeck Communications Equipment : Proroute H685t-w Vulnerabilities : Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVE-2024-41610

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found here...

CVE-2023-5038

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

PT-2024-24619 · Samsung · Exynos 1330 +7

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Wearable Processor Exynos versions 850 through 2100 Samsung Mobile Processor and Wearable Processor Exynos versions 1080 Samsung Mobile Processor and Wearable Processor Exynos versions 1280 Samsung Mobile Processo...

CVE-2023-6096 using a inappropriate encryption logic

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

PT-2024-3662 · Totolink · Totolink Ac1200 Wireless Dual Band Gigabit Router

Name of the Vulnerable Software and Affected Versions: Totolink AC1200 Wireless Dual Band Gigabit Router A3002R V4 Firmware V4.0.0-B20230531.1404 Description: The issue is caused by a Buffer Overflow vulnerability in the formWlEncrypt function of the boa server, specifically triggered by the leng...

PT-2023-8711 · Zyxel · Wax300H +6

Name of the Vulnerable Software and Affected Versions: ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50W/USG20W-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmwa...

Moxa IKS, EDS Uncontrolled Resource Consumption (CVE-2019-6559)

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Moxa IKS, EDS Cross-Site Request Forgery (CVE-2019-6561)

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Moxa EDR-G902 and EDR-G903 Series Routers Stack-Based Buffer Overflow (CVE-2020-14511)

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers versions prior to 5.4. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Moxa IKS, EDS Improper Neutralization of Input During Web Page Generation (CVE-2019-6565)

Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...