Lucene search
K

4271 matches found

CVE
CVE
added yesterday13 views

CVE-2026-15481

The CVE-2026-15481 affects Trendnet TEW-635BRM firmware up to 1.00.03, specifically the IPoA WAN Connection Setup component’s /sbin/rc function ipoa_test. A manipulation of the ipoa_ipaddr argument enables remote command injection, with network access as the attack vector and no user interaction ...

9CVSS6.7AI score0.00429EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday29 views

CVE-2026-15480 Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function starthttpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument devicename leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is...

9CVSS0.00419EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57532

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.11B03 Description An OS command injection flaw exists in the Firmware Update Handler component. A remote attacker can trigger this issue by manipulating the Hostname argument within the sub 41FBD0 function of the...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-42649

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS6AI score0.00324EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42648

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-51605

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.991 allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request...

7.5CVSS0.0041EPSS
Exploits0References1
NVD
NVD
added 4 days ago11 views

CVE-2026-51604

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...

7.5CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-51604

CVE-2026-51604 describes a stack-based buffer overflow in the RTSP service of the Tenda CP3 V3.0 firmware (V31.1.9.91). The vulnerability is triggered by processing a crafted PLAY request and can be exploited by an unauthenticated remote attacker to cause a denial of service. Affected component: ...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-51605

CVE-2026-51605 affects Tenda CP3 V3.0 firmware V31.1.9.991, specifically the RTSP service. A stack-based buffer overflow allows an unauthenticated remote attacker to cause a denial of service via a crafted TEARDOWN request. The available sources consistently describe the vulnerability type and im...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-51601

Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...

0.0041EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-51604

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...

7.5CVSS6.3AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 7:16 p.m.9 views

CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 6:35 p.m.8 views

CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-58452

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:54 p.m.7 views

CVE-2026-32833

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

8.8CVSS6.7AI score0.0134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 7:54 p.m.7 views

EUVD-2026-39862

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

8.8CVSS6.7AI score0.0134EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 3:16 p.m.10 views

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS0.00431EPSS
Exploits0References4
Rows per page
Query Builder