1636 matches found
PT-2025-30217 · Westermo · Westermo Weos
Name of the Vulnerable Software and Affected Versions: Westermo WeOS versions 5.24 through 5.24.4 Description: An issue was discovered that allows a threat actor to potentially gain unauthorized access to sensitive information via system logging information, specifically through verbose syslog...
CVE-2025-54319
Westermo WeOS versions 5.24–5.24.4 are affected by CVE-2025-54319 due to verbose syslog logging that can disclose credentials, enabling potential unauthorized access to sensitive information. Root cause: logging configuration exposes credentials in syslog. Affected software: Westermo WeOS 5.x (5....
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability lies in hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
CVE-2025-6148
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack...
Quantenna Communications Quantenna Wi-Fi chipset security vulnerability
Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the getsyslogfromqtn parameter in the...
VulnCheck KEV: CVE-2022-40843
The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password...
Debian: Security Advisory (DLA-4182-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4182-1] syslog-ng security update
Debian LTS Advisory DLA-4182-1 https://www.debian.org/lts/security/ Abhijith PA May 28, 2025 https://wiki.debian.org/LTS -...
Debian dla-4182 : syslog-ng - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4182 advisory. Debian LTS Advisory DLA-4182-1 https://www.debian.org/lts/security/...
DLA-4182-1 syslog-ng - security update
Bulletin has no description...
Fedora: Security Advisory (FEDORA-2025-0fc3d8b7bf)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-7f48333f3e)
The remote host is missing an update for the...
CVE-2024-7907
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...
CVE-2023-28616
An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...
CVE-2023-26925
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information...
CVE-2023-36924
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...
CVE-2023-42782
An insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number...
CVE-2023-20881
Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users' syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...
CVE-2022-40843
The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of...
CVE-2021-37439
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability...