Lucene search
+L

941 matches found

CNNVD
CNNVD
added 2026/02/09 12:0 a.m.9 views

Eaton Network M3 安全漏洞

Eaton Network M3 is a security network interface card developed by the American company Eaton. There is a security vulnerability in Eaton Network M3, which stems from the insecure mechanism for server identity checks executed through command shells during firmware updates. This vulnerability may...

5.7CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 5:53 p.m.4 views

CVE-2026-1315

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or applicatio...

7.1CVSS5.9AI score0.00577EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/27 5:53 p.m.29 views

CVE-2026-1315 Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or applicatio...

7.1CVSS0.00577EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.11 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. The TP-Link Tapo C220 v1 and TP-Link Tapo C520WS v2 have security vulnerabilities. These vulnerabilities stem from the fact that firmware updates terminate core services without verifying...

7.5CVSS5.8AI score0.00577EPSS
Exploits0References6
NVD
NVD
added 2026/01/26 10:16 a.m.14 views

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS0.00167EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:6 a.m.13 views

CVE-2025-59107

Dormakaba’s FWServiceTool uses an encrypted ZIP to deliver firmware for Access Managers. A static password is embedded to decrypt and extract the firmware, and this password has been valid across multiple firmware versions. This enables local access to firmware content, affecting confidentiality ...

8.5CVSS5.9AI score0.00167EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.11 views

SuperMicro MBD-X13SEM-F security vulnerabilities

The SuperMicro MBD-X13SEM-F is a server motherboard produced by the American company SuperMicro. The MBD-X13SEM-F contains a security vulnerability, which stems from issues with the BMC firmware verification logic. This vulnerability could allow attackers to use customized image updates to update...

8.4CVSS5.8AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 1:16 p.m.6 views

CVE-2026-22911

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...

7.5CVSS0.00479EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/15 1:2 p.m.5 views

EUVD-2026-2812

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...

5.3CVSS6.7AI score0.00479EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-2992

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description Firmware update files may reveal password hashes for system accounts. A remote attacker could potentially recover credentials and obtain unauthorized access to the device. Recommendations At the...

7.5CVSS6.7AI score0.00479EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.10 views

SICK TDC-X401GL has security vulnerabilities

The SICK TDC-X401GL is a edge computing gateway from the German company SICK. The SICK TDC-X401GL has a security vulnerability. This vulnerability arises from the possibility that firmware update files may expose the hash of system account passwords, allowing remote attackers to retrieve...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.10 views

CVE-2021-22673

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK...

8CVSS7.8AI score0.01209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities...

6.8CVSS8.1AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37020

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities...

6.8CVSS8.1AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:8 a.m.9 views

CVE-2019-20667

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30...

6CVSS6.5AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:39 a.m.10 views

CVE-2017-18743

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300...

8.8CVSS7.1AI score0.00604EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 4:14 p.m.23 views

CVE-2026-21639

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution RCE within the affected product. Affected Products: airMAX AC Version 8.7.20 and earlier airMAX M Version 6.3.22 and earlier airFiber AF60-XG...

0.00269EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 6:15 p.m.6 views

CVE-2025-15258

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

6.1CVSS5.5AI score0.00221EPSS
Exploits1References4
CVE
CVE
added 2025/12/30 5:32 p.m.13 views

CVE-2025-15258

CVE-2025-15258 affects Edimax BR-6208AC (versions 1.02–1.03). The Web-based Configuration Interface’s formALGSetup handler at /goform/formALGSetup can be manipulated via the wlan-url argument to trigger an open redirect, with remote access and publicly available exploit evidence. Multiple sources...

6.1CVSS4.6AI score0.00221EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/30 5:2 p.m.4 views

CVE-2025-15257

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

9.8CVSS5.3AI score0.04442EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder