15 matches found
CVE-2026-25775
CVE-2026-25775 concerns SenseLive X3050, where the remote management service allows firmware retrieval and updates without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, the integrity of uploaded images, ...
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
EUVD-2026-25351
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
CVE-2026-25775
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
PT-2026-34800
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
SenseLive X3050 访问控制错误漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability. This vulnerability stems from the remote management service, which allows unauthorized or unauthorized users to...
EUVD-2022-55427
Malicious code in bioql PyPI...
CVE-2022-0553
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...
Code injection
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...
CVE-2022-0553
CVE-2022-0553 concerns Zephyr RTOS: a missing check on whether slot 0 is uploaded from the device to the host allows retrieval of unencrypted firmware when encrypted images are used. The root cause is the upload check omission, enabling potential exposure of firmware. Impact is stated as high con...
CVE-2022-0553 Possible to retrieve uncrypted firmware image
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily...
My Adventures Hacking the iParcelBox
ARCHIVED STORY My Adventures Hacking the iParcelBox By Sam Quinn · June 18, 2020 In 2019, McAfee Advanced Threat Research ATR disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...
My Adventures Hacking the iParcelBox
ARCHIVED STORY My Adventures Hacking the iParcelBox By Sam Quinn · June 18, 2020 In 2019, McAfee Advanced Threat Research ATR disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO of iParcelBox, a U.K. company, reached out to us and offered to send a few of their...
Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability
A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server. The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to...