Lucene search
K

337 matches found

RedhatCVE
RedhatCVE
added 2025/02/13 11:47 a.m.7 views

CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...

6.8CVSS6.6AI score0.00313EPSS
Exploits1References1
NVD
NVD
added 2025/02/11 10:15 a.m.10 views

CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

6.8CVSS0.00313EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/11 9:15 a.m.18 views

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

6.5AI score0.00313EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/11 9:15 a.m.21 views

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

0.00313EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.5 views

PT-2025-6174 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.4.1 Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered...

9.8CVSS7.6AI score0.00663EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.4 views

PT-2025-6173 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge devices versions prior to BSP 6.4.1 Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well...

6.8CVSS7.4AI score0.00313EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/12/18 12:0 a.m.6 views

The vulnerability of AMD’s microprogrammed software for processors lies in the violation of data protection mechanisms, allowing attackers to circumvent the SPI ROM protection mechanism.

The vulnerability of AMD’s microprogrammed software lies in the bypass of the data protection mechanism. Exploiting this vulnerability allows an attacker to circumvent the SPI ROM protection mechanism by modifying the data...

5.5CVSS6.6AI score0.00224EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/12/05 12:19 p.m.14 views

CVE-2024-54127 Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could...

4.2CVSS0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.6 views

TP-Link Archer C50 安全漏洞

The TP-LINK Archer C50 is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-Link Archer C50 prior to version V4 240917, which stems from terminal access on the serial interface that is not properly privileged, allowing an attacker to obtain Wi-Fi credentials on t...

4.2CVSS6.6AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 9:24 p.m.19 views

CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

9.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/14 9:24 p.m.12 views

CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

9.3CVSS6.4AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2024/11/14 9:15 p.m.13 views

CVE-2024-9834

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance...

9.3CVSS0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.4 views

PT-2024-39874 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The issue concerns improper data protection on the ventilator's serial interface. This could allow an attacker to send and receive messages, resulting in unauthorized disclosure of...

9.3CVSS6.3AI score0.00137EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.5 views

PT-2024-33307 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator affected versions not specified Description: The ventilator's serial interface has its debug port enabled by default, allowing an attacker to send and receive unencrypted messages. This could result in unauthorized disclosure of...

9.3CVSS6.3AI score0.00221EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.3 views

Baxter Life2000 安全漏洞

The Baxter Life2000 is a mask-less non-invasive ventilator from Baxter. A security vulnerability exists in the Baxter Life2000 that stems from improper data protection on the ventilator's serial interface, which could allow an attacker to send and receive messages that could have an unintended...

9.3CVSS6.2AI score0.00137EPSS
Exploits0References2
NVD
NVD
added 2024/11/07 9:15 p.m.12 views

CVE-2019-20462

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi acce...

5.3CVSS0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/07 12:0 a.m.9 views

CVE-2019-20462

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi acce...

5.2AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/07 12:0 a.m.17 views

CVE-2019-20462

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi acce...

0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.5 views

Alecto IVM-100 安全漏洞

The Alecto IVM-100 is a baby monitor with camera from Alecto. A security vulnerability exists in the Alecto IVM-100 version 2019-11-12, which stems from the fact that the device comes with a board-level serial interface, and by connecting to this serial interface and rebooting the device, a large...

5.3CVSS6.5AI score0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.5 views

PT-2024-10738 · Alecto · Alecto Ivm-100

Name of the Vulnerable Software and Affected Versions: Alecto IVM-100 version 2019-11-12 Description: An issue was discovered where a large amount of information is disclosed when attaching to the serial interface at the board level and rebooting the device. This includes the view password and th...

5.3CVSS7.1AI score0.00302EPSS
Exploits0References11
Rows per page
Query Builder