Panasonic IR Control Hub vulnerable to Unauthorised firmware loading

Overview IR Control Hub provided by Panasonic contains a vulnerability that may lead to loading of unauthorized firmware. IR Control Hub provided by Panasonic verifies the hash value of the loading firmware when booting, but it keeps booting with the firmware even when it detects that the hash...

CVE-2024-33374

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication...

ASUS RT-N12+ B1 Elevation of Privilege Vulnerability

The ASUS RT-N12+ B1 is a wireless router. An elevation of privilege vulnerability exists in the ASUS RT-N12+ B1, which can be exploited by an attacker to bypass security restrictions caused by incorrect access control and gain root terminal access via the UART interface by sending a specially...

CVE-2024-28326

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface...

CVE-2024-28326

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface...

CVE-2024-28326

CVE-2024-28326 affects ASUS RT-N12+ B1 and RT-N12 D1 routers. The issue is described as Incorrect Access Control allowing local attackers to obtain a root terminal via the UART interface, implying a physical access/exploit through UART to gain high-privilege control. Connected documents corrobora...

CVE-2024-28326

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface...

CVE-2023-46033

D-Link Non-US DSL-2750U N300 ADSL2+ and Non-US DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control...

CVE-2023-34724

An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19T53, allows physical attackers to gain escalated privileges via the UART interface...

Design/Logic Flaw

An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19T53, allows physical attackers to gain escalated privileges via the UART interface...

PT-2023-24985 · Techview · Techview La-5570 Wireless Gateway

Name of the Vulnerable Software and Affected Versions: TECHView LA5570 Wireless Gateway version 1.0.19 T53 Description: An issue was discovered in the TECHView LA5570 Wireless Gateway, allowing physical attackers to gain escalated privileges via the UART interface. Recommendations: For version...

CVE-2023-34724

TECHView LA5570 Wireless Gateway 1.0.19_T53 is affected by two CVEs: CVE-2023-34724 (UART-based privilege escalation) and CVE-2023-34725 (telnet-based privilege escalation). NVD data indicates physical access is required (attack vector: PHYSICAL for 34724; telnet access implied for 34725) with hi...

CVE-2023-34724

An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19T53, allows physical attackers to gain escalated privileges via the UART interface...

CVE-2023-33921

Siemens SICAM A8000 CP-8031/CP-8050 Master Modules (pre CPCI85 V05) expose a UART console login. With direct physical access, an attacker could brute‑force/crack the root password to gain login. Affected versions are all before CPCI85 V05; Siemens Mitigation: update to CPCI85 V05 or later. If pat...

CVE-2023-33921

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05, CP-8050 MASTER MODULE All versions CPCI85 V05. The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to...

Siemens S7-1200 and S7-200 SMART CPUs Exposed Dangerous Method or Function (CVE-2019-13945)

A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions with Function State FS 11, SIMATIC S7-200 SMART CPU CR20s 6E...

Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02661)

The Netgear RAX43 is a wireless router from Netgear, Inc. A security vulnerability exists in the Netgear RAX43, which stems from insufficient protection of the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, log in...

CVE-2021-20168

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default...

Default credentials

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default...

CVE-2021-20168

CVE-2021-20168 affects Netgear RAX43 firmware 1.0.3.96, exposing UART interface protection weaknesses. A threat actor with physical access can connect via serial, log in with default credentials (admin:admin), and execute commands as root. CVSSv3.1 vector indicates Physical access, Low attack com...