Why eSIMs Are Replacing Traditional SIM Cards

From SIM swap protection to remote provisioning, eSIMs are quickly replacing physical SIM cards. Here’s why the shift matters for security and convenience...

EUVD-2025-204663

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information (including AutoP URL addresses) due to an inadequate authentication mechanism. A security update deploying an enhanced authentication mechanism to all cloud instances fixes the issue. Affected product: Yealink RPS prior to 20...

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL addresses. This was fixed by deploying an enhanced authentication mechanism through a security update to all cloud instances...

CVE-2024-40659

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from the getRegistration method in the RemoteProvisioningService.java file containing an improperly validated input, and there is a...

PT-2024-28973 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to improper input validation in the getRegistration of RemoteProvisioningService.java. This could lead to a local denial of service, where the AndroidKeyStore key...

ABB CP635 HMI Lack of encryption or authenticity checks against firmware binary files (CVE-2019-7229)

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: Utilization of USB/SD Card to flash the device and Remote provisioning process via ABB Panel Builder 600 over FTP. Neither of these transmission methods implements any form of encryption...

CVE-2021-39637

In CreateDeviceInfo of trustyremoteprovisioningcontext.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Design/Logic Flaw

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

ovirt-engine: Unfiltered password when choosing manual db provisioning

A flaw was found in ovirt-engine. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords...

ZTE ZXHN H108N 3.3.0_MU CWMP Configuration Disclosure

ZTE ZXHN H108N 3.3.0MU CWMP configuration disclosure Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg http://pastebin.com/u/hackerscommunity Model ZXHN H108N Serial Number ZTEERFCD6K03762 Batch Number T1 Software Version...

ZTE ZXHN H108L Access Bypass Vulnerability

ZTE ZXHN H108L fails to verify user authentication when editing the CWMP configuration. ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol...

ZTE ZXHN H108L Access Bypass

About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely used by ISPs worldwide for remote...

ZTE ZXHN H108L - Authentication Bypass (2)

ZTE ZXHN H108L - Authentication Bypass 2 About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely...

ZTE ZXHN H108L - Authentication Bypass (2)

About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely used by ISPs worldwide for remote...

ZTE ZXHN H108L - Authentication Bypass (1)

Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-8493 Original post at...