CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVE-2026-45160 ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

CVE-2026-45160

ESF-IDF’s ESP-IDF lwIP DHCP server option parser (parse_options in dhcpserver.c) has an out-of-bounds read in the BOOTP/DHCP options parsing. In affected releases 5.2.7, 5.3.5, 5.4.4, 5.5.4 and 6.0.1, a crafted DHCP request can cause reads past the end of the options buffer into adjacent heap mem...

CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...

MediaTek wappd buffer overflow

Added: 09/30/2024 Background MediaTek Wi-Fi chipsets and SoftAP driver bundles include wappd , a network daemon responsible for configuring and managing wireless interfaces and access points. Problem A buffer overflow in wappd could allow remote code execution on a large variety of devices...

The vulnerability of the video bar and switch for Apollo VX20 video conferencing systems lies in the lack of encryption for confidential data and improper handling of exclusive conditions, allowing intruders to obtain passwords in an open form.

The vulnerability of the microprogramming software for Apollo VX20 is related to the absence of encrypted confidential data. Exploiting this vulnerability can allow a malicious actor to obtain passwords in plain text through a GET request to SoftAP/device/config...

CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...

CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...

CVE-2024-25735

WyreStorm Apollo VX20 devices prior to version 1.3.58 expose cleartext credentials via an HTTP GET on the SoftAP router endpoint /device/config. This is an information-disclosure/authentication- bypass issue affecting the web interface/config component; remote attackers can retrieve credentials w...

PT-2024-4077 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to discover cleartext passwords via a SoftAP "GET /device/config" request. This is due to a lack of encrypted confidential data. Recommendations: For...

CVE-2022-20535

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2022-20200

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20200

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

PT-2022-14429 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12L Description: The issue is related to a possible leak of hotspot state due to a missing permission check in the updateApState function of SoftApManager.java. This could lead to local information disclosure with no...

CVE-2017-2873

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting...

CVE-2017-2873

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting...

Foscam IP Video Camera CGIProxy.fcgi SoftAP Configuration Command Injection Vulnerability(CVE-2017-2873)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration...

Foscam IP Video Camera CGIProxy.fcgi SoftAP Configuration Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration...

Samsung SoftAP Weak Password Vulnerability

Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours. ================================================================ Samsung softap weak random generated password This affects SmartTV and Printers ===============================================================...