19 matches found
Multiple vulnerabilities in I-O DATA wireless LAN routers
Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2862
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...
CVE-2025-2860
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...
CVE-2025-2861
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2861
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...
CVE-2025-2862
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...
CVE-2025-2862
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...
CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2864
CVE-2025-2864 describes a reflected Cross-Site Scripting (XSS) vulnerability in SaTECH BCU firmware 2.1.3. The issue allows an attacker to inject malicious code into a legitimate website owned by the affected device, triggered when a cookie is set. The impact is limited to the victim’s browser; n...
CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...
CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU
Cross-site request forgery CSRF vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend ...
CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU
Cross-site request forgery CSRF vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend ...
CVE-2025-2863
The CVE-2025-2863 entry concerns a CSRF vulnerability in saTECH BCU firmware version 2.1.3. The issue could let an unauthenticated local attacker hijack active administrator sessions and trigger actions such as rebooting the device or changing roles/permissions, depending on the logged-in user. T...
CVE-2025-2862 Weak Encoding for Password vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption...
CVE-2025-2861 Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...
CVE-2025-2860 Exposure of Sensitive Information vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web .xml file. In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website...
CVE-2025-2858
CVE-2025-2858 describes a privilege-escalation in saTECH BCU firmware 2.1.3. An attacker with CLI access could use the nice command to bypass restrictions and elevate to superuser. Multiple sources (NVD, Red Hat, CVE lists, and related enrichments) confirm the vulnerable component and impact as d...