CVE-2025-61739 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption

Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets...

EUVD-2015-5976

Malware in sbrugna...

The vulnerability of the microprogrammed software in wireless alarm systems such as IQ Panel 4 and IQ4 Hub, related to insufficient protection of operational data, allows a intruder to alter the settings of the device.

The vulnerability of the microprogrammed wireless signaling systems IQ Panel 4 and IQ4 Hub lies in the insufficient protection of operational data. Exploiting this vulnerability could allow an intruder to alter the settings of the device...

CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub

Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings...

CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub

Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings...

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

Qolsys IQ Panel Security Bypass Vulnerability

Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security bypass vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1 that fails to validate the digital signature of software updates. An attacker could exploit this vulnerability...

Qolsys IQ Panel Using Hardcoded Encryption Keys Vulnerability

Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1. A remote attacker can exploit the vulnerability to create a digital signature for code by cleverly constructing...

CVE-2015-6033

Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...

CVE-2015-6032

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

Hardcoded credentials

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

CVE-2015-6032

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

CVE-2015-6033

CVE-2015-6033 affects the Qolsys IQ Panel (aka QOL) before 1.5.1. Root cause: the device does not verify digital signatures of software updates, allowing a man‑in‑the‑middle to deliver a modified update and bypass access restrictions. Impact: remote, unauthenticated attacker could inject maliciou...

CVE-2015-6032

Qolsys IQ Panel (aka QOL) before version 1.5.1 is vulnerable due to hardcoded cryptographic keys, enabling a remote attacker to forge digital signatures for code by using a key from another installation. Affected devices accept forged updates or code as valid. The issue arises from use of hard-co...

CVE-2015-6033

Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...