122 matches found
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-27852
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
CVE-2025-27851
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...
EUVD-2025-209830
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...
EUVD-2025-209828
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
EUVD-2025-209829
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...
EUVD-2025-209831
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
CVE-2025-27852
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...
CVE-2025-27851
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...
Garmin WDU 安全漏洞
Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from allowing reflective cross-site scripting attacks...
Garmin WDU 安全漏洞
Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic devices. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow symbolic link attacks, which...
Garmin WDU 安全漏洞
Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic devices. Both the Garmin WDU v1 1.4.6 version and v2 5.0 version contain security vulnerabilities. These vulnerabilities stem from authentication bypasses, allowing...
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
CVE-2025-27852
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...
CVE-2025-27853
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...
PT-2026-40796
Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a cross-site origin WebSocket hijacking attack. The system utilizes WebSockets to manage settings, including administrative configurations, which...
CVE-2025-27850
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...