CVE-2025-14858

The CVE targets Semtech LR11xx LoRa transceivers with early firmware versions. During a firmware validity check over SPI, the device decrypts an encrypted firmware package block-by-block; the last decrypted block remains uncleared in memory after validation, enabling an attacker with SPI access t...

Linux Distros Unpatched Vulnerability : CVE-2026-23431

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: amlogic-spisg: Fix memory leak in amlspisgprobe In amlspisgprobe, ctlr is allocated by spialloctarget/spiallochost, but fails to call spicontrollerput in...

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

CVE-2026-30613

An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...

CVE-2026-30613

CVE-2026-30613 affects AZIOT 1 Node Smart Switch (16A, WiFi/Bluetooth) with software 1.1.9. An information disclosure vulnerability arises from improper access control on the UART debug interface, allowing a physically proximate attacker to connect to UART and read sensitive data from the serial ...

CVE-2026-23475

A flaw was found in the Linux kernel's Serial Peripheral Interface SPI component. The system's per-CPU statistics for the SPI controller were not allocated until after the controller was registered. This created a window where a local user or process could access system files sysfs attributes...

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

CVE-2026-4346 Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

CVE-2026-4346

The CVE concerns TP-Link TL-WR850N v3 where credentials (administrative and Wi‑Fi) are stored in cleartext in a region of the device’s flash while the serial interface is enabled and protected by weak authentication. A physical attacker who can access the serial port can recover sensitive data, i...

TP-Link TL-WR850N 安全漏洞

The TP-Link TL-WR850N is a WiFi router produced by the TP-Link company. The TP-Link TL-WR850N v3 has a security vulnerability. This vulnerability arises from the fact that, when the serial interface is enabled and under weak authentication protection, management credentials and Wi-Fi credentials...

PT-2026-28644

Name of the Vulnerable Software and Affected Versions TL-WR850N version 3 Description The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. A...

EUVD-2026-12878

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 exposes an unprotected UART interface through accessible hardware pads on the PCB...

CVE-2026-30704

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 exposes an unprotected UART interface through accessible hardware pads on the PCB...

CVE-2026-30704

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 exposes an unprotected UART interface through accessible hardware pads on the PCB...

Yuner Yipu WiFi Extender WDR201A 安全漏洞

Yuner Yipu WiFi Extender WDR201A is a WiFi signal amplifier produced by the Chinese company Yuner Yipu. The Yuner Yipu WiFi Extender WDR201A has a security vulnerability, which stems from an unprotected UART interface exposed on the PCB...

CVE-2026-30704

CVE-2026-30704 affects the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The issue is an unprotected UART interface exposed via accessible PCB pads, as described in multiple sources (NVD, Red Hat, ENISA/EUVD, CVE entry). The exposure is the root cause, enabling potential direct hardware...

CVE-2026-30704

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 exposes an unprotected UART interface through accessible hardware pads on the PCB...

CVE-2026-30704

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 exposes an unprotected UART interface through accessible hardware pads on the PCB...

CVE-2026-23207

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...