24 matches found
Security information for Hitachi Disk Array Systems
Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...
CVE-2025-9696
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
CVE-2025-9696
CVE-2025-9696 concerns SunPower PVS6 BluetoothLE security. The vulnerability arises from the device’s Bluetooth Low Energy interface using hardcoded encryption parameters and publicly accessible protocol details, enabling an attacker in Bluetooth range to gain full access to the servicing interfa...
PT-2025-35584
Name of the Vulnerable Software and Affected Versions: SunPower PVS6 affected versions not specified Description: The SunPower PVS6’s BluetoothLE interface is vulnerable due to the use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range...
CVE-2019-19143
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI...
CVE-2024-29149
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...
CVE-2024-29149
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8NOE-R300.1.40.12.4180 and SIP deskphones through 86x8SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmwar...
PT-2024-13785 · Bosch · Bcc102 +3
Name of the Vulnerable Software and Affected Versions: Bosch BCC100 smart thermostat affected versions not specified BCC101/BCC102/BCC50 products affected versions not specified Description: A vulnerability allows an unauthenticated attacker to replace the device’s firmware with a malicious one b...
NETGEAR WPN824EXT 安全漏洞
The NETGEAR WPN824EXT is a WiFi Range Extender from NETGEAR. A security vulnerability exists in the NETGEAR WPN824EXT WiFi Range Extender version 1.1.11.1.9, which can be exploited by an attacker to replace a user uploaded firmware image with a raw old firmware image via a MITM attack...
CVE-2020-15501
Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Authentication flaw
Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-15501
The CVE-2020-15501 entry applies to the Smarter Coffee Maker before the 2nd generation. The vulnerability allows firmware replacement without authentication or authorization; user interaction is required (pressing a button). The issue affects products that are no longer supported by the maintaine...
PT-2020-14463 · Smarter · Smarter Coffee Maker
Name of the Vulnerable Software and Affected Versions: Smarter Coffee Maker versions before 2nd generation Description: The issue allows firmware replacement without authentication or authorization. User interaction is required to press a button. This problem only affects products that are no...
Intelbras Wireless N 150Mbps WRN240 Authentication Bypass
Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass Config Upload Date: 2019-11-20 Exploit Author: Elber Tavares Vendor Homepage: https://www.intelbras.com/ Software Link: http://en.intelbras.com.br/node/1033 Version: Intelbras Wireless N 150Mbps - WRN240 Tested on: linux,...
CVE-2019-19143
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI...
CVE-2019-19142
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI...
CVE-2019-19142
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI...