CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

CVE-2025-11781

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

CVE-2025-11781 Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key e.g., by analysing the firmware image or memory dump and create valid firmware updat...

Fedora 43 : linux-firmware (2025-0ef7552461)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0ef7552461 advisory. Upstream linux-firmware 20251111 release: rtlbt: Update RTL8922A BT USB firmware to 0x41C0C905 add firmware for mt7987 internal 2.5G ethernet phy rtw88: 8822...

Intel® Xeon Processor Advisory

Summary: A potential security vulnerability in some Intel® Xeon Processors may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-22374 Description: Insufficient control flow management for some Intel® Xeon...

Lexmark Printers Improper Validation of Integrity Check Value (CVE-2023-50738)

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. Lexmark documentation recommends that access to the Firmware Updates be restricted to trusted personnel. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

EUVD-2025-35894

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

EUVD-2025-35895

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

EUVD-2025-35893

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...

CVE-2025-34503

CVE-2025-34503 affects Deck Mate 1. The vulnerability arises because the device executes firmware directly from an external EEPROM without verifying authenticity or integrity, enabling a physically proximate attacker to replace or reflash the EEPROM and execute arbitrary code that persists across...

PT-2025-43687

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The firmware update mechanism for Deck Mate 2 does not verify cryptographic signatures on update packages. Updates are encrypted using a single, hard-coded AES key shared across all devic...

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a firmware update mechanism that does not validate cryptographic signatures and uses hard-coded AES keys, which could lead to the executio...

CVE-2025-11577

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...

CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...

AMD Secure Processor Security Update

AMD has informed HP of a potential security vulnerability in some AMD Secure Processors, which might allow loss of integrity or confidentiality. AMD has released firmware updates to mitigate this vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has identified...

Clevo UEFI 安全漏洞

Clevo UEFI is a firmware interface from Blue Sky Computer Clevo of Taiwan, China. A security vulnerability exists in Clevo UEFI that stems from the inclusion of a private signing key in firmware update packages, which could lead to malicious firmware being trusted...