
916 matches found

CNNVD
added 2026/01/16 12:0 a.m., 3 views

SuperMicro MBD-X13SEM-F security vulnerabilities

The SuperMicro MBD-X13SEM-F is a server motherboard produced by the American company SuperMicro. The MBD-X13SEM-F contains a security vulnerability, which stems from issues with the BMC firmware verification logic. This vulnerability could allow attackers to use customized image updates to update...

8.4 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2

NVD
added 2026/01/15 1:16 p.m., 2 views

CVE-2026-22911

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...

7.5 CVSS, 0.0003 EPSS
Exploits: 0, References: 6

EUVD
added 2026/01/15 1:2 p.m., 1 views

EUVD-2026-2812

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...

5.3 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/01/15 12:0 a.m., 1 views

PT-2026-2992

Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: Firmware update files may reveal password hashes for system accounts. A remote attacker could potentially recover credentials and obtain unauthorized access to the device. Recommendations: At the...

7.5 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits: 0, References: 10

CNNVD
added 2026/01/15 12:0 a.m., 2 views

SICK TDC-X401GL has security vulnerabilities

The SICK TDC-X401GL is an edge computing gateway from the German company SICK. The SICK TDC-X401GL has a security vulnerability. This vulnerability arises from the possibility that firmware update files may expose the hash of system account passwords, allowing remote attackers to retrieve...

7.5 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2026/01/09 11:21 a.m., 3 views

CVE-2021-22673

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK...

8 CVSS, 7.8 AI score, 0.0074 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:49 a.m., 3 views

CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities...

6.8 CVSS, 8.1 AI score, 0.00292 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:49 a.m., 2 views

CVE-2022-37020

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities...

6.8 CVSS, 8.1 AI score, 0.00321 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:8 a.m., 3 views

CVE-2019-20667

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30...

6 CVSS, 6.5 AI score, 0.00231 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:39 a.m., 5 views

CVE-2017-18743

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300...

8.8 CVSS, 7.1 AI score, 0.00161 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/01/08 4:14 p.m., 16 views

CVE-2026-21639

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC Version 8.7.20 and earlier, airMAX M Version 6.3.22 and earlier, airFiber AF60-XG...

0.00085 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/30 6:15 p.m., 1 views

CVE-2025-15258

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

6.1 CVSS, 5.5 AI score
Exploits: 0, References: 4

CVE
added 2025/12/30 5:32 p.m., 4 views

CVE-2025-15258

CVE-2025-15258 affects Edimax BR-6208AC (versions 1.02–1.03). The Web-based Configuration Interface’s formALGSetup handler at /goform/formALGSetup can be manipulated via the wlan-url argument to trigger an open redirect, with remote access and publicly available exploit evidence. Multiple sources...

6.1 CVSS, 4.6 AI score, 0.00027 EPSS
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2025/12/30 5:2 p.m., 3 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

9.8 CVSS, 5.3 AI score, 0.00155 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2025/12/18 11:21 a.m., 7 views

CVE-2025-10910

CVE-2025-10910 describes a binding-flaw in Govee’s cloud platform that allows a remote attacker to bind an existing online Govee device to the attacker’s account, granting full control and removing it from the legitimate owner’s account. The server-side API accepts identifiers (device, sku, type)...

9.3 CVSS, 6.4 AI score, 0.00205 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/12/17 12:0 a.m., 1 views

Netun Solutions HelpFlash IoT security vulnerability

Netun Solutions HelpFlash IoT is a smart connected vehicle emergency warning light from Netun Solutions, Spain. A security vulnerability exists in Netun Solutions HelpFlash IoT version v18178221102ASCIIPRO1R550, which stems from an OTA firmware update mechanism that uses hard-coded WiFi credentia...

6.6 CVSS, 7 AI score, 0.00006 EPSS
Exploits: 0, References: 3

CERT
added 2025/12/17 12:0 a.m., 8 views

Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

Overview: A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU...

7 CVSS, 7.1 AI score, 0.00077 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2025/12/11 12:3 a.m., 5 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4 CVSS, 6.9 AI score, 0.00024 EPSS
Exploits: 1, References: 1

OSV
added 2025/12/10 10:16 p.m., 0 views

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

8.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2025/12/10 10:16 p.m., 3 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

7.4 CVSS, 0.00024 EPSS
Exploits: 1, References: 1