35 matches found
EUVD-2026-23270
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 Mobile App: Sound Bar Remote / version: 2.40 allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol...
CVE-2026-37100
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 Mobile App: Sound Bar Remote / version: 2.40 allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol...
CVE-2025-13777
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...
CVE-2026-27755
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...
PT-2026-22372
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...
CVE-2025-56311
In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint `/boaform/admin/formReboot`. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...
PT-2025-39211
Name of the Vulnerable Software and Affected Versions: Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware version 2.2.14 Description: The web management interface contains an authenticated Cross-Site Request Forgery (CSRF) issue on the reboot endpoint `/boaform/admin/formReboot`. An attacker can...
CVE-2025-47823
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system...
CVE-2025-2860
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...
PT-2024-6506 · D Link · D-Link Dir-860L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-860L version 2.03 Description: The issue is related to a buffer overflow vulnerability in the gena.cgi file of the D-Link DIR-860L router's firmware. This vulnerability is caused by the lack of length verification for the SID field...
CVE-2023-45194
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 -D/-K/-S/-DK/-DKS/-M/-W firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communicati...
Exploit for Missing Authentication for Critical Function in Ic Realtime_Icip-P2012T_Firmware
CVE-2023-31594 IC Realtime ICIP-P2012T is vulnerable to Incorr...
CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...
SUSE CVE-2015-2907
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...
CVE-2022-28635
A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...
Hewlett Packard Enterprise Integrated Lights-Out 5 Security Vulnerability
Hewlett Packard Enterprise Integrated Lights-Out 5 (iLO 5) is a remote control solution from Hewlett Packard Enterprise. The solution enables remote monitoring and operation of IT assets such as servers. A security vulnerability exists in Hewlett Packard Enterprise Integrated Lights-Out 5 (iLO 5)...
PT-2022-10169 · Moxa · Moxa Nport Iaw5000A-I/O
Name of the Vulnerable Software and Affected Versions: Moxa NPort IAW5000A-I/O series firmware versions 2.2 or earlier Description: The issue is related to improper input validation in the built-in web server, which may allow a remote attacker to execute commands. Recommendations: For Moxa NPort...
CVE-2021-22771
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...
CVE-2020-25153
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords...
CVE-2020-28216
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...