CVE-2023-49593

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...

CVE-2024-21827

A leftover debug code vulnerability exists in the cliserver debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger...

CVE-2022-28689

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-29481

A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-30543

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-29888

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...

InHand Networks InRouter302 console support leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1521 InHand Networks InRouter302 console support leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-28689 SUMMARY A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A...

CVE-2019-18869

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17...

CVE-2019-18869

CVE-2019-18869 affects Blaauw Remote Kiln Control (v3.00r4); leftover debug code in default.php?idx=17 allows arbitrary PHP code execution. Root cause: debug artifacts accessible via web interface, enabling full control over the PHP process. Public descriptions across Red Hat/EUVD/CNVD/NVD family...

CVE-2020-7958

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

Design/Logic Flaw

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

CVE-2020-7958

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user root in the Rich Execution Environment REE to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the...

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...

Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell

KL-001-2017-010 : Barracuda WAF Early Boot Root Shell Title: Barracuda WAF Early Boot Root Shell Advisory ID: KL-001-2017-010 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-010.txt 1. Vulnerability Details Affected Vendor: Barracuda Affect...