271 matches found
EUVD-2020-5714
Malware in sbrugna...
EUVD-2018-20688
Malware in sbrugna...
EUVD-2019-2440
Malware in sbrugna...
EUVD-2020-5723
Malware in sbrugna...
EUVD-2020-7478
Malware in sbrugna...
EUVD-2024-37883
Malicious code in bioql PyPI...
EUVD-2021-31312
Malicious code in bioql PyPI...
EUVD-2025-25797
Malicious code in bioql PyPI...
EUVD-2025-25800
Malicious code in bioql PyPI...
EUVD-2023-34208
Malicious code in bioql PyPI...
EUVD-2023-34457
Malicious code in bioql PyPI...
ABB Terra AC Wallbox
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...
Flashrom to Hexedit to Root: DEF CON 33 IoT Village Exercise
Each year at DEF CON’s IoT Village, Rapid7 researchers showcase their skills in penetration testing, hardware hacking, and more. At DEF CON 33, Principal Security Researcher, IoT, Deral Heiland took attendees step by step through a brand-new, hands-on exercise that pushed past last year’s lessons...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
Meitrack T366G-L GPS Tracker 安全漏洞
Meitrack T366G-L GPS Tracker is a vehicle GPT locator from Meitrack China. A security vulnerability exists in the Meitrack T366G-L GPS Tracker, which originates from improper access control of the SPI flash memory chip and could lead to the disclosure of sensitive configuration data...
PT-2025-35101
Name of the Vulnerable Software and Affected Versions: Meitrack T366G-L GPS Tracker devices affected versions not specified Description: The SPI flash chip Winbond 25Q64JVSIQ in Meitrack T366G-L GPS Tracker devices is accessible without authentication or tamper protection. An attacker with physic...
CVE-2025-25735
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...
CVE-2025-25735
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...
CVE-2025-25733
Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...
PT-2025-34781 · Kapsch Trafficcom · Ris-9160 +1
Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: An incorrect access control issue exists in the SPI Flash Chip of the affected devices. This allows physically...