21 matches found
CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
CVE-2025-40938
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability...
EUVD-2025-24558
Malicious code in bioql PyPI...
EUVD-2025-24561
Malicious code in bioql PyPI...
CVE-2025-55280
This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the...
CVE-2025-54464
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the unencrypted credentials...
PT-2025-32979 · Zkteco · Zkteco Wl20
Name of the Vulnerable Software and Affected Versions: ZKTeco WL20 affected versions not specified Description: The vulnerability stems from the storage of administrator and user credentials without encryption within the device firmware. An attacker with physical access can exploit this by...
PT-2025-32982 · Zkteco · Zkteco Wl20
Name of the Vulnerable Software and Affected Versions: ZKTeco WL20 affected versions not specified Description: The device stores Wi-Fi credentials, configuration data, and system data in plaintext within the device firmware. An attacker with physical access can extract the firmware and reverse...
CVE-2024-9991
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the...
Tinxy security vulnerability
Tinxy is an IoT product application from Tinxy, Inc. A security vulnerability exists in Tinxy that stems from storing plaintext credentials in the firmware, which could lead to credential disclosure...
PT-2024-16342 · Tp Link · Tp-Link Iot Smart Hub
Name of the Vulnerable Software and Affected Versions: TP-Link IoT Smart Hub affected versions not specified Description: The issue exists due to the storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmwa...
CVE-2024-41691
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storage of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary...
SyroTech SY-GPON-1110-WDONT security vulnerability
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from unencrypted storage of WPA/WPS credentials in the router firmware/database. An attacker can exploit this vulnerability to obtain...
SyroTech SY-GPON-1110-WDONT security vulnerability
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a lack of encryption when storing usernames and passwords in the router's firmware/database. An attacker can exploit this...
PT-2024-29868 · Digisol · Digisol Router
Name of the Vulnerable Software and Affected Versions: Digisol Router DG-GR1321 version v3.2.02 Description: This issue is caused by the lack of encryption or hashing in storing passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the...
PT-2024-29508 · Syrotech · Sy-Gpon-1110-Wdont Router
Name of the Vulnerable Software and Affected Versions: SyroTech SY-GPON-1110-WDONT Router affected versions not specified Description: This issue is related to the lack of encryption in storing usernames and passwords within the router's firmware/database. An attacker with physical access could...
CVE-2022-28383
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive, e.g., by leveraging physical access during the supply chain. This code is then...
WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities
Summary: An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions: WAGO PFC200 Firmware version 03.02.0214 WAGO...
CVE-2017-5722
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage...