Lucene search
K

11 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-38057

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51635

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.00624EPSS
Exploits0References2
NVD
NVD
added 2025/01/17 2:15 p.m.15 views

CVE-2024-13502

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The commitmulticast pa...

9.3CVSS0.00624EPSS
Exploits0References2
CVE
CVE
added 2025/01/17 2:1 p.m.64 views

CVE-2024-13502

CVE-2024-13502 affects Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM. The issue is an OS command injection caused by improper neutralization: the commit_multicast web interface page passes untrusted input to an eval in a bash script, enabling arbitrary shell commands (Local Code...

9.3CVSS7.2AI score0.00624EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.4 views

Newtec/iDirect NTC2218、Newtec/iDirect NTC2250和Newtec/iDirect NTC2299 操作系统命令注入漏洞

The Newtec/iDirect NTC2218 and others are a modem from Newtec/iDirect. An operating system command injection vulnerability exists in the Newtec/iDirect NTC2218, Newtec/iDirect NTC2250, and Newtec/iDirect NTC2299, which stems from an unsatisfactory neutralization of a special element that results ...

9.3CVSS7.5AI score0.00624EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.2 views

Newtec/iDirect NTC2218、Newtec/iDirect NTC2250和Newtec/iDirect NTC2299 安全漏洞

The Newtec/iDirect NTC2218 and others are a modem from Newtec/iDirect. A security vulnerability exists in the Newtec/iDirect NTC2218, Newtec/iDirect NTC2250, and Newtec/iDirect NTC2299, which stems from a buffer copy that does not check the size of the input, resulting in remote code inclusion...

9.5CVSS7.7AI score0.0051EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.8 views

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

9.3CVSS6.8AI score0.00624EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2015/01/29 12:0 a.m.57 views

VSAT Sailor 900 - Remote Exploit

VSAT Sailor 900 - Remote Exploit. Remote exploit for hardware platform / File : satcompwn.c - VSAT SAILOR SAT COM 900 Remote 0day Author : Nicholas Lemonias This is proprietary source code material of Advanced Information Security Corporation. Usage, distribution and modifications are pursuant to...

7.5AI score
Exploits0
Rows per page
Query Builder