PT-2025-34044 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version V02.03.01.110 Description: An unsafe default authentication issue exists in the Initial Setup Authentication functionality. A specially crafted network request can lead to arbitrary code execution. An attacker can access the...

Tenda AC6 安全漏洞

Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6. The vulnerability stems from the presence of insecur...

CVE-2025-8731

TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...

Trend Makers Sight Bulb Pro 加密问题漏洞

Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...

CVE-2025-49004 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE

Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...

CVE-2023-42144

Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited to cause a denial of service by an attacker who sends an "Initial Context Setup Failed" message that lac...

Telerik Report Server Auth Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telerik Report Server Auth Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in Telerik Report Server...

(Pwn2Own) Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability

This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewall rules. The issue results from...

Telerik Report Server Auth Bypass

This module exploits an authentication bypass vulnerability in Telerik Report Server versions 10.0.24.305 and prior which allows an unauthenticated attacker to create a new account with administrative privileges. The vulnerability leverages the initial setup page which is still accessible once th...

CVE-2023-42144

Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...

Design/Logic Flaw

Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...

Shelly TRV Security Vulnerability

Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v.2.1.8, which stems from a plaintext transmission during initial setup that allows a local attacker to obtain the Wi-Fi password...

PT-2024-13034 · Allterco · Shelly Trv

Name of the Vulnerable Software and Affected Versions: Shelly TRV version 2.1.8 Description: The issue allows a local attacker to obtain the Wi-Fi password due to cleartext transmission during the initial setup. Recommendations: For Shelly TRV version 2.1.8, update to a version that addresses the...

Design/Logic Flaw

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

CVE-2023-46249 authentik potential installation takeover when default admin user is deleted

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

CVE-2023-46249 authentik potential installation takeover when default admin user is deleted

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

PT-2023-29928

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2023.8.4 and 2023.10.2 Description authentik is an open-source Identity Provider. When the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin use...

RHEL 7 : subscription-manager (RHSA-2023:4701)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...

gnome-initial-setup bug fix and enhancement update

An update is available for gnome-initial-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...