CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36616

CVE-2026-36616 affects the Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue is the presence of hardcoded WiFi driver credentials embedded in the production firmware binary: a RADIUS shared secret, a WPS test key, and a default PSK. The vulnerability arises from these sensitive ...

PT-2026-46003

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

EUVD-2019-5986

Malware in sbrugna...

CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials testflck stored in cleartext in production firmware...

EUVD-2025-32193

Malicious code in bioql PyPI...

CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials testflck stored in cleartext in production firmware...

Flock Safety Falcon 安全漏洞

Flock Safety Falcon is a series of license plate recognition cameras from Flock Safety USA. A security vulnerability exists in Flock Safety Falcon that stems from the storage of plaintext exploitation Wi-Fi credentials in the production firmware...

CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials testflck stored in cleartext in production firmware...

CVE-2025-59409

CVE-2025-59409 affects Flock Safety Falcon and Sparrow License Plate Readers (OPM1.171019.026). Root cause: development Wi‑Fi credentials stored in cleartext within production firmware, e.g., credentials like test_flck/test_flck. Impact: potential unauthorized device access. Public sources (PTSec...

PT-2025-40414

Name of the Vulnerable Software and Affected Versions Flock Safety Falcon and Sparrow License Plate Readers version OPM1.171019.026 Description The devices ship with development Wi-Fi credentials specifically, test flck stored in cleartext within the production firmware. This could allow...

CVE-2025-59409

Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials testflck stored in cleartext in production firmware...

SUSE CVE-2019-14871

The REENTCHECK macro see newlib/libc/include/sys/reent.h as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECKMP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset as is the case in production firmware builds...

Design/Logic Flaw

The REENTCHECK macro see newlib/libc/include/sys/reent.h as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECKMP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset as is the case in production firmware builds...

UBUNTU-CVE-2019-14871

The REENTCHECK macro see newlib/libc/include/sys/reent.h as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECKMP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset as is the case in production firmware builds...

CVE-2019-14871

The REENTCHECK macro see newlib/libc/include/sys/reent.h as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECKMP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset as is the case in production firmware builds...

CVE-2019-17095

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

CVE-2019-17095 Bitdefender BOX 2 bootstrap download_image command injection vulnerability

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...