Lucene search
K

19 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/19 5:58 a.m.4 views

Multiple vulnerabilities in I-O DATA wireless LAN routers

Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...

8.6CVSS7.7AI score0.01149EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/30 1:41 p.m.18 views

CVE-2025-2865

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...

2.4CVSS6.3AI score0.0017EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/30 1:39 p.m.13 views

CVE-2025-2862

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...

6.9CVSS7.3AI score0.00198EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/30 1:39 p.m.12 views

CVE-2025-2860

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...

6.9CVSS6.8AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/30 1:38 p.m.22 views

CVE-2025-2861

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...

6.9CVSS7AI score0.00226EPSS
Exploits0References3
NVD
NVD
added 2025/03/28 2:15 p.m.18 views

CVE-2025-2865

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...

6.1CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 2:15 p.m.9 views

CVE-2025-2861

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...

7.5CVSS0.00226EPSS
Exploits0References1
OSV
OSV
added 2025/03/28 2:15 p.m.4 views

CVE-2025-2862

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 2:15 p.m.30 views

CVE-2025-2862

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...

7.5CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 1:24 p.m.25 views

CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...

2.4CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 1:23 p.m.60 views

CVE-2025-2864

CVE-2025-2864 describes a reflected Cross-Site Scripting (XSS) vulnerability in SaTECH BCU firmware 2.1.3. The issue allows an attacker to inject malicious code into a legitimate website owned by the affected device, triggered when a cookie is set. The impact is limited to the victim’s browser; n...

6.1CVSS7.2AI score0.00215EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 1:23 p.m.12 views

CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...

2CVSS7.2AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 1:22 p.m.12 views

CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU

Cross-site request forgery CSRF vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend ...

5.7CVSS7.4AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 1:22 p.m.18 views

CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU

Cross-site request forgery CSRF vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend ...

5.7CVSS0.00094EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 1:22 p.m.56 views

CVE-2025-2863

The CVE-2025-2863 entry concerns a CSRF vulnerability in saTECH BCU firmware version 2.1.3. The issue could let an unauthenticated local attacker hijack active administrator sessions and trigger actions such as rebooting the device or changing roles/permissions, depending on the logged-in user. T...

7.8CVSS7.4AI score0.00094EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 1:15 p.m.11 views

CVE-2025-2862 Weak Encoding for Password vulnerability in saTECH BCU

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...

6.9CVSS7.2AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 1:11 p.m.17 views

CVE-2025-2861 Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...

6.9CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 1:10 p.m.10 views

CVE-2025-2860 Exposure of Sensitive Information vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...

6.9CVSS6.8AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 1:8 p.m.59 views

CVE-2025-2858

CVE-2025-2858 describes a privilege-escalation in saTECH BCU firmware 2.1.3. An attacker with CLI access could use the nice command to bypass restrictions and elevate to superuser. Multiple sources (NVD, Red Hat, CVE lists, and related enrichments) confirm the vulnerable component and impact as d...

8.8CVSS7.6AI score0.00263EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder