Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:5 a.m.7 views

CVE-2019-20501

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter...

7.8CVSS7.5AI score0.90482EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/12/30 3:7 p.m.6 views

CVE-2025-15192

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...

8.8CVSS6.9AI score0.03443EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-14182

Malware in sbrugna...

9.8CVSS6.9AI score0.01163EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-17804

Malware in sbrugna...

10CVSS9.5AI score0.01483EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42735

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00618EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-19720

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00701EPSS
Exploits1References3
Talos
Talos
added 2025/08/20 12:0 a.m.12 views

Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability

Talos Vulnerability Report TALOS-2025-2161 Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability August 20, 2025 CVE Number CVE-2025-31355 SUMMARY A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A...

9.8CVSS7.2AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/16 7:23 p.m.10 views

CVE-2025-8978

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

8.1CVSS7.1AI score0.00463EPSS
Exploits1References1
NVD
NVD
added 2025/08/06 4:15 p.m.4 views

CVE-2025-48393

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton...

5.7CVSS0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/01 12:6 a.m.3 views

CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

8.6CVSS7.4AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.5 views

PT-2025-27629 · Gfi · Gfi Kerio Control

Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: A remote code execution issue allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .i...

9.4CVSS7.8AI score0.00701EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/06/04 12:12 p.m.12 views

CVE-2025-5444

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RPUpgradeFWByBBS of the file /goform/RPUpgradeFWByBBS. The manipulation of...

9.8CVSS7.3AI score0.21289EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.8 views

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

9.8CVSS7.7AI score0.00618EPSS
Exploits0
NVD
NVD
added 2025/02/26 9:15 p.m.24 views

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

7.5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.24 views

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.8 views

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.9AI score0.02551EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.7 views

TP-LINK TL-WR1043ND 安全漏洞

The TP-LINK TL-WR1043ND is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR1043ND firmware v1 3.13.15 and earlier versions, which can be exploited by an authenticated attacker to achieve arbitrary code execution or denial of service by uploading a crafted...

4.8CVSS6.1AI score0.00343EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.6 views

TP-LINK TL-WR740N 安全漏洞

The TP-LINK TL-WR740N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR740N V1 and V2 firmware v3.12.4 and earlier versions, which originates from the ability of an authenticated attacker to achieve arbitrary code execution or denial of service by...

4.8CVSS6AI score0.00343EPSS
Exploits0References3
OSV
OSV
added 2022/03/23 8:15 p.m.5 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS5.8AI score0.01163EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2021/10/11 12:0 a.m.419 views

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: 2.7.1.5659 2.0.5.3356-184 Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a...

0.7AI score
Exploits0
Rows per page
Query Builder