4 matches found
CVE-2025-0681
CVE-2025-0681 concerns New Rock Technologies Cloud Connected Devices. The Cloud MQTT service supports wildcard topic subscriptions, enabling an attacker to tap service communications and potentially obtain sensitive information. Documented impact is information disclosure via local access to the ...
CVE-2025-0681 New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols
The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications...
CVE-2025-0680 New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.
Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud...
CVE-2025-0680
The CVE-2025-0680 entry concerns New Rock Technologies Cloud Connected Devices suffering an OS command injection vulnerability in the device cloud RPC handling path. Affected software/components are the Cloud Connected Devices’ RPC command processing mechanism; root cause appears to be improper h...