7 matches found
CVE-2026-49199 Predator Connect W6x: RCE via MQTT
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-32324
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...
PT-2025-40945
Name of the Vulnerable Software and Affected Versions: YoSmart YoLink ecosystem through 2025-10-02; YoLink Hub 0382; YoLink Mobile Application version 1.40.41; YoLink MQTT Broker
Description: Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an...
A vulnerability in the recvSlaveUpgstatus() function of the MQTT service in the TOTOLink T6 firmware allows an attacker to execute arbitrary code.
The vulnerability in the recvSlaveUpgstatus function of the MQTT service in the TOTOLink T6 mesh system firmware is caused by an operation going outside the bounds of a memory buffer when processing the parameter s. Exploiting this vulnerability allows a malicious actor to...
CVE-2022-25133
A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3Firmware T6V3V4.1.5cu.748B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet...
ALPINE-CVE-2021-22945
When sending data to an MQTT server, libcurl >= 7.73.0 and <= 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again...
DEBIAN-CVE-2017-2894
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet ove...