22 matches found
CVE-2019-20501
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter...
CVE-2025-15192
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fotaurl leads to command injection. The attack can be executed remotely. The exploit has been...
EUVD-2021-14182
Malware in sbrugna...
EUVD-2017-17804
Malware in sbrugna...
EUVD-2024-42735
Malicious code in bioql PyPI...
EUVD-2025-19720
Malicious code in bioql PyPI...
Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability
Talos Vulnerability Report TALOS-2025-2161 Tenda AC6 V5.0 Firmware Signature Validation firmware update vulnerability August 20, 2025 CVE Number CVE-2025-31355 SUMMARY A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A...
CVE-2025-8978
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2025-48393
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton...
CVE-2025-53022
TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...
PT-2025-27629 · Gfi · Gfi Kerio Control
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: A remote code execution issue allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .i...
CVE-2025-5444
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RPUpgradeFWByBBS of the file /goform/RPUpgradeFWByBBS. The manipulation of...
CVE-2024-47943
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...
CVE-2024-50696
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...
CVE-2024-50696
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...
CVE-2022-28494
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TP-LINK TL-WR1043ND 安全漏洞
The TP-LINK TL-WR1043ND is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR1043ND firmware v1 3.13.15 and earlier versions, which can be exploited by an authenticated attacker to achieve arbitrary code execution or denial of service by uploading a crafted...
TP-LINK TL-WR740N 安全漏洞
The TP-LINK TL-WR740N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR740N V1 and V2 firmware v3.12.4 and earlier versions, which originates from the ability of an authenticated attacker to achieve arbitrary code execution or denial of service by...
CVE-2021-27428
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: 2.7.1.5659 2.0.5.3356-184 Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a...