45 matches found
CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints to bypass client-side validation and access sensitive system...
Smartwares HOME easy security vulnerability
Smartwares HOME easy is a wireless home automation product line from the Dutch company Smartwares. A security vulnerability exists in Smartwares HOME easy version 1.0.9, which stems from an authentication bypass that could result in access to the administration page...
PT-2025-53321
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints to bypass client-side validation and access sensitive system...
EUVD-2025-6207
Malicious code in bioql PyPI...
EUVD-2025-6206
Malicious code in bioql PyPI...
EUVD-2025-6201
Malicious code in bioql PyPI...
The vulnerability in the firmware of Smartwares IP cameras, models CIP-37210AT and C724IP, arises from the lack of input sanitization at the control level. This allows intruders to execute arbitrary commands.
The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP cameras is related to the lack of sanitization of incoming data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability in the telnet service of the firmware of Smartwares IP cameras, models CIP-37210AT and C724IP, allows an intruder to gain unauthorized access to protected information.
The vulnerability in the telnet service of the firmware of Smartwares IP cameras, models CIP-37210AT and C724IP, is related to the use of default login credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP IP cameras lies in the improper limitation of a pathname to a restricted directory. This allows intruders to gain unauthorized access to protected information.
The vulnerability in the firmware of Smartwares CIP-37210AT and C724IP cameras is related to the improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
CVE-2024-13894
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens port 10000, enabling a user to download pictures shot at specific moments by...
CVE-2024-13892
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13893
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory. For the telnet service to be enabled, the...
CVE-2024-13893
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory. For the telnet service to be enabled, the...
CVE-2024-13894
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens port 10000, enabling a user to download pictures shot at specific moments by...
CVE-2024-13892
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...
CVE-2024-13894 Path traversal in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens port 10000, enabling a user to download pictures shot at specific moments by...
CVE-2024-13894
CVE-2024-13894 affects Smartwares CIP-37210AT and C724IP cameras (and related firmware up to 3.3.0). The issue is a path traversal vulnerability exposed when the device connects to a mobile app and opens port 10000, allowing retrieval of pictures by supplying file paths; access is not properly li...
CVE-2024-13894 Path traversal in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens port 10000, enabling a user to download pictures shot at specific moments by...
CVE-2024-13893 Shared credentials in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory. For the telnet service to be enabled, the...
CVE-2024-13893
Summary of CVE-2024-13892 / CVE-2024-13893 / CVE-2024-13894 (Smartwares CIP-37210AT, C724IP and similar firmware up to 3.3.0): CVE-2024-13892 (NVD/Red Hat): Command injection vulnerability during initialization when a mobile app provides AP credentials. Input is not properly sanitized. Patch stat...