36 matches found
Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability
Talos Vulnerability Report TALOS-2025-2291 Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability March 16, 2026 CVE Number CVE-2025-62501 SUMMARY A misconfiguration vulnerability exists in the SSH Hostkey functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.549015553. A specially...
CVE-2025-62501
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
CVE-2025-62501
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
CVE-2025-62501
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
EUVD-2025-206674
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
PT-2026-5936
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A misconfiguration in the SSH hostkey within the tmpserver modules of TP-Link Archer AX53 allows attackers to potentially obtain device credentials. This is achievable...
MiracleLinux 9 : openssh-8.7p1-29.el9 (AXSA:2023-6041:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6041:05 advisory. openssh: the functions orderhostkeyalgs and listhostkeytypes leads to double-free vulnerability CVE-2023-25136 Tenable has extracted the preceding descriptio...
EUVD-2007-1096
Malware in sbrugna...
Required Package Changes in Solaris 10 and 11.3
Challenge Solaris 10 does not include the CA certificates required for S3 repository connections, nor does it natively provide OpenSSH with modern features. For secure S3 access and SSH communications with the Veeam Software Appliance VSA for Veeam Backup & Replication, you must install both...
USN-6279-1: OpenSSH update
It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the...
USN-6279-1 openssh update
It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the...
openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability
A flaw was found in the OpenSSH server sshd, which introduced a double-free vulnerability during options.kexalgorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration...
SUSE CVE-2011-3588
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers...
golang.org/x/crypto/ssh Man-in-the-Middle attack
The Go SSH library golang.org/x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks if ClientConfig.HostKeyCallback is not set. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
Go SSH library vulnerable to Man-in-the-Middle attacks
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
Go SSH library vulnerable to Man-in-the-Middle attacks
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
Security update for libssh2_org (moderate)
openSUSE Security Update: Security update for libssh2org Announcement ID: openSUSE-SU-2020:2129-1 Rating: moderate References: 1130103 1178083 Cross-References: CVE-2019-17498 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862...
CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...