21 matches found
CVE-2025-12056
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
EUVD-2025-198138
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
EUVD-2025-198137
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM before v1.6 allows Excessive Allocation via network...
CVE-2025-12056
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
CVE-2025-11243
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM before v1.6 allows Excessive Allocation via network...
CVE-2025-11243
CVE-2025-11243 affects Shelly Pro 4PM prior to v1.6. Root cause is missing input bounds checking on multiple JSON-RPC endpoints, allowing an attacker to cause excessive memory allocation and trigger device reboots via the network. Impact is denial of service through repeated outages; evidence fro...
CVE-2025-11243 Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM before v1.6 allows Excessive Allocation via network...
CVE-2025-11243 Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM before v1.6 allows Excessive Allocation via network...
CVE-2025-12056
CVE-2025-12056 affects Shelly Pro 3EM (three‑phase energy meter). A specially crafted Modbus request can trigger an illegal data address read, leading to a device reboot and a denial‑of‑service. Vulnerable in versions before 1.4.4; fixed in 1.4.4+. No known public exploitation; CISA notes potenti...
CVE-2025-12056 Out-of-bounds Read in Shelly Pro 3EM
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
CVE-2025-12056 Out-of-bounds Read in Shelly Pro 3EM
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
PT-2025-47440
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM before v1.6 allows Excessive Allocation via network...
Shelly Pro 4PM 安全漏洞
Shelly Pro 4PM is an energy monitoring device from Shelly USA. A security vulnerability exists in Shelly Pro 4PM versions prior to 1.6, which stems from an unlimited resource allocation that could lead to over-allocation...
Shelly Pro 3EM 缓冲区错误漏洞
Shelly Pro 3EM is a three-phase energy meter from Shelly USA. A buffer error vulnerability exists in Shelly Pro 3EM versions prior to 1.4.4, which stems from an out-of-bounds read that could result in an over-read of the buffer...
PT-2025-47441
Out-of-bounds Read in Shelly Pro 3EM before v1.4.4 allows Overread Buffers...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shel...
Shelly Pro 4PM
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Shelly Pro 3EM
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Shelly PRO 4PM 0.11.0 Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
Shelly PRO 4PM v0.11.0 - Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...