22 matches found
Tenda CX12L 缓冲区错误漏洞
The Tenda CX12L is a home-use wireless router device from the Chinese company Tenda. The version 16.03.53.12 of the Tenda CX12L contains a buffer error vulnerability. This vulnerability stems from improper operation of the function in the file/goform/SetPptpServerCfg, which may lead to a stack...
EUVD-2015-8564
Malware in sbrugna...
EUVD-2015-6438
Malware in sbrugna...
Malicious code in home-device-inventory (npm)
The package home-device-inventory was found to contain malicious code...
MAL-2025-22511 Malicious code in home-device-inventory (npm)
The package home-device-inventory was found to contain malicious code...
CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
Svakom Siime Eye 安全漏洞
Svakom Siime Eye is a smart home device from Svakom USA. A security vulnerability exists in Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14, which stems from vulnerability to cross-site request forgery attacks...
Malicious code in @assurantlabs/home-device-inventory (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a9af4bb0451549784551651c28cdaaa58ba61dff221c8c9b2dced0075f92a10f The OpenSSF Package Analysis project identified '@assurantlabs/home-device-inventory' @ 999.100.1 npm as malicious. It is considered malicious...
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
Verizon 5G Home LVSKIHP 操作系统命令注入漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0, which stems from a lack of property...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...
Samsung SmartThings Hub Buffer Overflow Vulnerability
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of the video-core HTTP server in Samsung SmartThings Hub STH-ETH-250 using firmware...
CVE-2015-6498
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...
Code injection
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...
CVE-2015-6498
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices...
CVE-2015-6498
Affected product: Alcatel-Lucent Home Device Manager before 4.1.10 and 4.2.x before 4.2.2. Vulnerability: remote attackers can spoof and make calls as target devices. Root cause details are not provided beyond the spoofing capability. Impact: enables spoofing of calls to target devices. Remediati...
iSmartAlarm cube device encryption issue vulnerability
The iSmartAlarm cube devices are a smart home device from iSmartAlarm USA. An authentication bypass vulnerability exists in iSmartAlarm cube devices. A remote attacker can exploit this vulnerability to execute commands...
CVE-2015-8687
The CVE-2015-8687 lies in the Alcatel-Lucent Motive Home Device Manager (HDM) Management Console, with multiple reflected XSS vulnerabilities in HDM
KDDI HOME SPOT CUBE devices open redirection vulnerability
KDDI HOME SPOT CUBE is a home wireless router product from KDDI Japan. An open redirection vulnerability exists in previous versions of KDDI HOME SPOT CUBE 2. A remote attacker can exploit this vulnerability to redirect users to an arbitrary web site to conduct phishing attacks...