31 matches found
CVE-2025-44018
CVE-2025-44018 affects the GL.iNet GL-AXT1800 OTA Update mechanism (firmware 4.7.0). A specially crafted .tar enables a firmware downgrade, which a motivated attacker could trigger via a man-in-the-middle scenario. Cisco Talos documents the vulnerable version (GL-AXT1800 4.7.0) and assigns CVSS v...
EUVD-2017-4782
Malware in sbrugna...
EUVD-2016-7800
Malware in sbrugna...
EUVD-2016-7802
Malware in sbrugna...
EUVD-2021-0071
Malware in sbrugna...
EUVD-2023-58563
Malicious code in bioql PyPI...
CVE-2023-6321
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...
CVE-2023-6321 Owlet Camera OS command injection
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...
CVE-2023-6321
The CVE-2023-6321 issue is described across connected sources as a command-injection vulnerability in the IOCTL handler that manages OTA updates on Owlet Cam OS. The underlying flaw allows an authenticated attacker to execute commands with root privileges, potentially taking full control of affec...
CVE-2021-41104
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
PYSEC-2021-351
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
Default credentials
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
CVE-2021-41104
ESPHome’s web_server in versions 2021.9.1 and earlier is vulnerable to OTA updates without validating the configured HTTP basic auth credentials. The root cause is that OTA update requests bypass the user-defined username/password check. The issue is fixed in version 2021.9.2; as a workaround, di...
Smart lighting security
Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...
Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps
Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications (PHAs) on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and...
CVE-2017-13265
An elevation of privilege vulnerability in the Android system OTA updates. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423...