36 matches found
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group GTIG said this week it had reduced the network's pool of usable devices by...
Maintaining Security and Protecting Smart Home Devices from Hackers
Learn how to protect smart home devices from hackers. Strong passwords, updates and secure networks help keep cameras, sensors and data safe...
CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
CVE-2020-7232
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...
Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack
Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet exposing risks created by exposed home devices exploited in large-scale cyber attacks...
EUVD-2020-28360
Malware in sbrugna...
EUVD-2022-28108
Malicious code in bioql PyPI...
EUVD-2025-11143
Malicious code in bioql PyPI...
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices...
CVE-2019-15913
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages...
CVE-2025-31654
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
CVE-2025-31654
CVE-2025-31654 concerns Growatt Cloud Applications where an attacker can obtain information about the groups of smart home devices for arbitrary users (i.e., the users’ “rooms”). The CVE appears across multiple sources (NVD, Red Hat, CVE List, CVSS metrics) and is associated with the Growatt clou...
CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
PT-2025-16493 · Growatt · Cloud Portal
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker can obtain information about the groups of smart home devices for arbitrary users, referred to as "rooms". Recommendations: At the moment, there is no information about a newer...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which stems from an attacker's ability to gain access to any user's smart home device group information...
编号撤回
Envoy is an Enphase open source gateway program for connecting smart home devices. This CVE number has been withdrawn...
Envoy 安全漏洞
Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in versions prior to Envoy 1.32.0 that stems from allowing an external client to manipulate the Envoy header, which can lead to unauthorized access or other malicious operations with...
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...
Hackers using smart home devices to live streaming swatting attacks
By Deeba Ahmed The F.B.I. is warning users to use strong credentials to prevent their smart devices from being used during swatting attacks. Here's how to. This is a post from HackRead.com Read the original post: Hackers using smart home devices to live streaming swatting attacks...