CVE-2025-24891 Dumb Drop has an arbitrary file overwrite and path traversal for root shell

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject...

PT-2025-44725

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified NGINX versions 1.26.x Description The Linux kernel driver for Realtek 8xxxU wireless adapters contains a flaw where insufficient space is allocated for driver private station data, leading to a...

QEMU Root Shell Access Vulnerability

AMD ID: AMD-SB-3012 Potential Impact: Guest OS Root Shell Access from Malicious Host Severity: N/A Summary Researchers from the University of Tokyo shared with AMD a paper titled “A Root Shell Access Vulnerability in QEMU for AMD SEV-SNP Confidential Virtual Machines.” The research paper reports...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

Injection Vulnerability in Multiple Siemens Products

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. An injection vulnerability exists in multiple Siemens products, which can be exploited by attackers to inject code or generate a system root shell...

CVE-2024-50572

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

CVE-2024-50572

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

CVE-2024-50572

CVE-2024-50572 affects Siemens industrial devices (e.g., RUGGEDCOM RM1224 LTE, SCALANCE M family, S615, and related models) where an input field is not properly sanitized. This allows an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. The ...

Siemens RUGGEDCOM和Siemens SCALANCE 命令注入漏洞

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. An injection vulnerability exists in multiple Siemens products, which can be exploited by attackers to inject code or generate a system root shell...

CVE-2024-8448

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVE-2024-8448

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

CVE-2024-8448

PLANET Technology switch models are affected by CVE-2024-8448 due to a hard-coded credential in the CLI, enabling remote attackers with regular privileges to login and obtain a Linux root shell. The vulnerability affects certain PLANET switches (specific models not publicly detailed in the source...

CVE-2024-8448 PLANET Technology switch devices - Remote privilege escalation using hard-coded credentials

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell...

PT-2024-39018 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns a hard-coded credential in the command-line interface of certain switch models from PLANET Technology. This allows remote attackers with regular...

CVE-2024-44667

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2v1.0.1557.15.35P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access...

Exploit for Improper Privilege Management in Enlightenment

CVE-2022-37706 The CVE-2022-37706 vulnerability is relate...

PT-2024-31203 · Shenzhen Haichangxing Technology Co. · Hcx H822 4G Lte Router

Name of the Vulnerable Software and Affected Versions: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router version M7628NNxISPxUIv2 v1.0.1557.15.35 P0 Description: The issue is related to Incorrect Access Control, allowing unauthenticated factory mode reset and command injection. Thi...

CVE-2024-44667

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2v1.0.1557.15.35P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access...

CVE-2024-44667

CVE-2024-44667 affects Shenzhen Haichangxing HCX H822 4G LTE Router (M7628NNxISPxUIv2_v1.0.1557.15.35_P0). The vulnerability is Incorrect Access Control that allows unauthenticated factory mode reset and command injection, leading to information exposure and potential root shell access. Public so...