46 matches found
CVE-2026-7255
UNSUPPORTED WHEN ASSIGNED An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication...
PT-2026-39934
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-4478
Yi Technology YI Home Camera 2 (version 2.1.1_20171024151200) is affected by CVE-2026-4478 due to improper verification of cryptographic signatures in the HTTP Firmware Update Handler (file path: home/web/ipc). The root cause is in the firmware update flow, enabling a remote attack with high impa...
HPESBHF05014 rev.1 - Certain HPE StoreEasy Servers Using Certain Intel Processors, INTEL-SA-01314, 2025.4 IPU, Intel TDX Module Advisory, Local Escalation of Privilege Vulnerability
Potential Security Impact: Local: Escalation of Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE StoreEasy 1470 Performance - Prior to v2.7211-27-2025 U63 ROM Family HPE StoreEasy 1470 Storage - Prior to v2.7211-27-2025 U63 ROM Family HPE StoreEasy 1570 Performance -...
CVE-2026-24437 Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
EDIMAX BR-6208AC 安全漏洞
The EDIMAX BR-6208AC is a wireless broadband router from Taiwan, China's Xunzhou EDIMAX Corporation. A security vulnerability exists in EDIMAX BR-6208AC version V21.02, which stems from improper cleaning of the pppUserName field, which could lead to a command injection attack...
CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
HPESBCR04980 rev.1 - HPE Cray XD670 Server Using Certain Intel Processors, INTEL-SA-01312, Intel TDX Module Advisory, Multiple Vulnerabilities
Potential Security Impact: Local: Disclosure of Information, Escalation of Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Cray XD670 - Prior to v2.06 CVSS Scores: | CVE | CVSS Vector | Base Score | | --- | --- | --- | | CVE-2025-20613 |...
PT-2025-47460
Name of the Vulnerable Software and Affected Versions ITEL ISO FM SFN Adapter versions ISO2 2.0.0.0 and WebServer 2.0 Description The ITEL ISO FM SFN Adapter is susceptible to session hijacking because of inadequate session management on the /home.html endpoint. An attacker can gain access to an...
CVE-2025-60694
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...
CVE-2025-47824
Flock Safety LPR License Plate Reader devices with firmware through 2.2 have cleartext storage of code...
CVE-2023-22297
Access of memory location after end of buffer in some IntelR Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Atom Integrated System Info v22 for DCN35 A new request from KMD/VBIOS is to support a new UMA carveout model. This resolves a null dereference issue when accessing Ctx-dcbios-integratedinfo, as this variable...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9644
CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...
CVE-2024-9643
CVE-2024-9643 concerns the Four-Faith F3x36 router with firmware version v2.0.0 , where an authentication bypass is caused by hard-coded credentials in the administrative web server . The description and connected sources confirm that an attacker who knows the credentials can gain administrative ...
CVE-2024-11864
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP...
PT-2025-1703
Name of the Vulnerable Software and Affected Versions SCP-Firmware versions up to and including 2.15.0 Description Specifically crafted SCMI messages sent to an SCP may lead to a Usage Fault and crash the SCP. Recommendations For SCP-Firmware versions up to and including 2.15.0, consider...
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...