92 matches found
CVE-2026-36616
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...
CVE-2026-36612
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
CVE-2026-36612
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
EUVD-2026-34151
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
PT-2026-46000
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
CVE-2026-36616
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...
CVE-2026-36612
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
TRENDnet TEW-432BRP 命令注入漏洞
TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...
PT-2026-28668
Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A stack-based buffer overflow exists in the POST Request Handler component of Tenda AC5 version 15.03.06.47. The issue is located in the formWifiWpsOOB function within the /goform/WifiWpsOOB file...
EUVD-2026-13600
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
CVE-2026-25532
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
CVE-2026-25532
ESF-IDF (Espressif IoT Development Framework) WPS Enrollee vulnerability: malformed EAP-WSC packets can trigger an integer underflow during fragment length calculation, when EAP Length omits payload. Affected versions are 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. The underflow occurs as frag_len bec...
CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
EUVD-2026-5376
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...
CVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
CVE-2025-46413
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
CVE-2025-46413
CVE-2025-46413 affects BUFFALO WSR-1800AX4 series Wi‑Fi routers. The issue is use of a password hash with insufficient computational effort (CWE-916) when WPS is enabled, potentially allowing an attacker to obtain the PIN and/or Wi‑Fi password. Public documents identify the affected component as ...
EUVD-2025-38245
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...
EUVD-2021-24122
Malware in sbrugna...