6213 matches found
📄 ESP-RFID-Tool V2 PRO Traversal / XSS / Bypass / Enumeration
ESP-RFID-Tool V2 PRO suffers from bypass, cross site request forgery, cross site scripting, information leakage, path traversal, and multiple other vulnerabilities. The vendor has seemingly taken a hostile approach to responding to these findings and is uncooperative. Security Advisory:...
EUVD-2026-26142
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
CVE-2026-20766
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras...
Milesight AIOT camera 信任管理问题漏洞
The Milesight AIOT camera is a series of intelligent video monitoring and IoT integration cameras developed by the company China Starlong Connectivity. The Milesight AIOT camera has a vulnerability related to trust management, which stems from hardcoded credentials contained in the firmware...
CVE-2026-20766
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras...
CVE-2026-20766
CVE-2026-20766 affects Milesight AIOT cameras with specific firmware versions, describing a heap-based out-of-bounds memory access vulnerability. The base CVSS scores (4.0/3.1) indicate HIGH impact to confidentiality, integrity, and availability (network-exposed, low complexity, no privileges, no...
CVE-2026-28747
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...
CVE-2026-7029
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made...
EUVD-2026-25258
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25259
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25254
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25255
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31168
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31162
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25244
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stun-user parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25246
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25260
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...
EUVD-2026-25245
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31160
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...