14 matches found
CVE-2017-20235
CVE-2017-20235 affects ProSoft Technology ICX35-HWC gateways (firmware version 1.3 and earlier). The issue is an authentication bypass in the web user interface that lets unauthenticated attackers access administrative functions and full device configuration without valid credentials. Affected co...
CVE-2026-25819
CVE-2026-25819 affects HMS Networks Ewon Flexy and Cosy+ devices. Vulnerable versions include Flexy firmware before 15.0s4, Cosy+ firmware 22.xx before 22.1s6, and Cosy+ firmware 23.xx before 23.0s3. The issue allows unauthenticated attackers with GUI access to trigger a specially crafted HTTP re...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
CVE-2026-27515
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions...
CVE-2021-20856
Cross-site scripting vulnerability in ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-27450
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E all firmware versions prior to v04A00.1...
CVE-2023-6229
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07...
CVE-2023-5961
A Cross-Site Request Forgery CSRF vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This...
Design/Logic Flaw
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50JPV3230505', Archer C55 firmware versions prior to 'Archer C55JPV1230506', and Archer C20 firmwar...
Linksys E5350 访问控制错误漏洞
Linksys E5350 is a router from Linksys USA. An access control error vulnerability exists in the Linksys E5350 WiFi Router version 1.0.00.037 and prior versions. An attacker could exploit this vulnerability to access the device's web interface and extract sensitive information...
Hardcoded credentials
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 all firmware versions prior to 02A04.1...
CVE-2018-5452
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro ProConOS v.4.01.280 firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547...
CVE-2017-7909
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access...
Lantronix Secure Console Server SCS820SCS1620 - Multiple Local Vulnerabilities
Lantronix Secure Console Server SCS820SCS1620 - Multiple Local Vulnerabilities source: https://www.securityfocus.com/bid/14486/info Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to multiple local vulnerabilities. The first issue is an insecure default permission...