EUVD-2025-208881

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

EUVD-2025-208885

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

CVE-2025-67115

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

CVE-2025-67113

CVE-2025-67113 describes an OS command injection in the CWMP client (/ftl/bin/cwmp) of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842. The root cause is unescaped TR-069 Download URL input being passed into the firmware upgrade pipeline, allowing remot...

CVE-2025-67115

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

EUVD-2016-1594

Malware in sbrugna...

EUVD-2017-9427

Malware in sbrugna...

EUVD-2014-3320

Malware in sbrugna...

EUVD-2016-2420

Malware in sbrugna...

EUVD-2017-9430

Malware in sbrugna...

CVE-2024-5403

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server...

CVE-2024-5403 ASKEY 5G NR Small Cell - Command Injection

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server...

CVE-2024-5403

CVE-2024-5403 affects ASKEY 5G NR Small Cell. The issue is an OS/command-injection vulnerability caused by improper filtering of user input for certain functionalities, enabling remote attackers with administrator privileges to execute arbitrary system commands on the remote server. CVSSv3.1 metr...

CVE-2024-5403 ASKEY 5G NR Small Cell - Command Injection

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server...

PT-2024-36016 · Askey · Askey 5G Nr Small Cell

Name of the Vulnerable Software and Affected Versions: ASKEY 5G NR Small Cell affected versions not specified Description: The issue is related to improper filtering of user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system command...

ASKEY 5G NR Small Cell 操作系统命令注入漏洞

The Askey 5G NR Small Cell is a 5G base station from China's Askey Electronic Technology Askey. An OS command injection vulnerability exists in ASKEY 5G NR Small Cell version V6, which stems from the inability to properly filter user input for certain functions, allowing an attacker to execute...

SUSE CVE-2017-13218

Access to CNTVCTEL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M,...

Airspan AirVelocity 1500 跨站请求伪造漏洞

The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks into indoor spaces A security vulnerability exists in versions prior to Airspan AirVelocity 1500 15.18.00.2511, which stems from the lack of CSRF...

Airspan AirVelocity 1500 跨站脚本漏洞

The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks into indoor spaces A security vulnerability exists in versions prior to Airspan AirVelocity 1500 15.18.00.2511, which stems from an easily injected XSS...