44 matches found
CVE-2026-7255
UNSUPPORTED WHEN ASSIGNED: An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication...
PT-2026-39934
UNSUPPORTED WHEN ASSIGNED: An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-4478
Yi Technology YI Home Camera 2 (version 2.1.1_20171024151200) is affected by CVE-2026-4478 due to improper verification of cryptographic signatures in the HTTP Firmware Update Handler (file path: home/web/ipc). The root cause is in the firmware update flow, enabling a remote attack with high impa...
CVE-2026-24437 Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
EDIMAX BR-6208AC Security Vulnerability
The EDIMAX BR-6208AC is a wireless broadband router from Taiwan, China's Xunzhou EDIMAX Corporation. A security vulnerability exists in EDIMAX BR-6208AC version V21.02. It stems from improper sanitization of the pppUserName field, which could lead to a command injection attack...
CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...
PT-2025-47460
Name of the Vulnerable Software and Affected Versions: ITEL ISO FM SFN Adapter versions ISO2 2.0.0.0 and WebServer 2.0. Description: The ITEL ISO FM SFN Adapter is susceptible to session hijacking because of inadequate session management on the /home.html endpoint. An attacker can gain access to an...
CVE-2025-60694
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...
CVE-2025-47824
Flock Safety LPR License Plate Reader devices with firmware through 2.2 have cleartext storage of code...
CVE-2023-22297
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Atom Integrated System Info v22 for DCN35 A new request from KMD/VBIOS is to support a new UMA carveout model. This resolves a null dereference issue when accessing Ctx-dcbios-integratedinfo, as this variable...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9644
CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...
CVE-2024-9643
CVE-2024-9643 concerns the Four-Faith F3x36 router with firmware version v2.0.0, where an authentication bypass is caused by hard-coded credentials in the administrative web server. The description and connected sources confirm that an attacker who knows the credentials can gain administrative ...
CVE-2024-11864
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP...
PT-2025-1703
Name of the Vulnerable Software and Affected Versions: SCP-Firmware versions up to and including 2.15.0. Description: Specifically crafted SCMI messages sent to an SCP may lead to a Usage Fault and crash the SCP. Recommendations: For SCP-Firmware versions up to and including 2.15.0, consider...
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...
CVE-2024-52789
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...
CVE-2022-48769
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...