14 matches found
CVE-2026-3344 WatchGuard Firebox System Integrity Check Bypass
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
PT-2026-22734
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
PT-2025-47463
Name of the Vulnerable Software and Affected Versions: Sound4 FIRST (affected versions not specified). Description: The Sound4 FIRST web-based management interface is susceptible to Remote Code Execution (RCE) through a maliciously crafted firmware update package. The system’s update process does not...
CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
PT-2025-47408
Name of the Vulnerable Software and Affected Versions: Sound4 IMPACT (affected versions not specified). Description: The Sound4 IMPACT web-based management interface contains a flaw that allows for Remote Code Execution (RCE) through a specially crafted firmware update package. The system does not...
EUVD-2018-20826
Malware in sbrugna...
EUVD-2021-7613
Malicious code in bioql PyPI...
Code injection
fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device...
CVE-2021-35951
The CVE-2021-35951 issue affects fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker. A remote, unauthenticated attacker can send a malicious firmware update over Bluetooth Low Energy (BLE), potentially bricking the device. The connected sources describe the vulnerability but do not provide a c...
CVE-2021-35951
fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device...
CVE-2022-36385 Contec Health CMS8000
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
NETGEAR Man-in-the-Middle Attack Vulnerability
The NETGEAR R7000 is a wireless router from NETGEAR. A security vulnerability exists in the NETGEAR R7000 versions 1.0.9.61.2.19 through 1.0.11.10010.2.10, which stems from a lack of SSL certificate validation. An attacker can exploit this vulnerability by performing a man-in-the-middle attack to...
Siemens TIA Portal - Remote Command Execution
Exploit Title: Siemens TIA Portal unauthenticated remote command execution Date: 06/11/2019 Exploit Author: Joseph Bingham CVE : CVE-2019-10915 Vendor Homepage: www.siemens.com Software Link: https://new.siemens.com/global/en/products/automation/industry-software/automation-software/tia-portal.ht...
Segway miniPRO self-balancing scooter vulnerability research - exploit warning - the black bar safety net
The Segway miniPRO electric self-balancing scooter has a critical security vulnerability; a malicious attacker who exploits it may be able to completely control the scooter. IOActive's latest study found that the Segway miniPRO electric self-balancing scooter has a critical security...