PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function...

EUVD-2025-17440

Malicious code in bioql PyPI...

EUVD-2025-17443

Malicious code in bioql PyPI...

EUVD-2025-2013

Malicious code in bioql PyPI...

EUVD-2025-17438

Malicious code in bioql PyPI...

EUVD-2025-17445

Malicious code in bioql PyPI...

EUVD-2025-17441

Malicious code in bioql PyPI...

EUVD-2025-28759

Malicious code in bioql PyPI...

RT-Thread Input Validation Error Vulnerability (CNVD-2025-16524)

RT-Thread is an open source IoT real-time operating system RTOS open-sourced by RT-Thread. RT-Thread suffers from an input validation error vulnerability that originates from the operation of the parameter how in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacke...

RT-Thread buffer overflow vulnerability (CNVD-2025-16523)

RT-Thread is an open source IoT real-time operating system RTOS open-sourced by RT-Thread. RT-Thread suffers from a buffer overflow vulnerability that originates from the operation of the parameter timeout in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacker to...

CVE-2025-6693

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693 RT-Thread device.c sys_device_write memory corruption

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693 RT-Thread device.c sys_device_write memory corruption

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693

CVE-2025-6693 affects RT-Thread up to 5.1.0. The vulnerability targets the file components/drivers/core/device.c, specifically the functions sys_device_open, sys_device_read, sys_device_control, sys_device_init, sys_device_close, and sys_device_write, causing memory corruption and enabling a loca...

RT-Thread 缓冲区错误漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A buffer error vulnerability exists in RT-Thread 5.1.0 and earlier versions, which stems from a memory corruption and could lead to a local attack...

PT-2025-26958 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A critical vulnerability was found in RT-Thread, affecting the functions sys device open, sys device read, sys device control, sys device init, sys device close, and sys device write of the file...

CVE-2025-5869

A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sysrecvfrom of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument from leads to memory corruption...