Lucene search

779 matches found

CNVD
added 2020/04/09 12:0 a.m. | 3 views

Xiaomi Xiao AI Speaker Pro LX06 Input Validation Error Vulnerability

The Xiaomi Xiao AI Speaker Pro LX06 is a smart speaker from the Chinese company Xiaomi Technology. An input validation error vulnerability exists in Xiaomi Xiao AI Speaker Pro LX06 version 1.52.4. The vulnerability can be exploited to obtain a root shell by accessing the UART interface, which...

CVSS 7.2 | AI score 6.6 | EPSS 0.00137
Exploits: 1 | References: 1

Cvelist
added 2020/04/08 5:31 p.m. | 12 views

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend...

AI score 6.7 | EPSS 0.00137
Exploits: 1 | References: 3

RedHat Linux
added 2020/03/31 9:3 p.m. | 2 views

kernel: null-pointer dereference in hci_uart_set_flow_control

A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash...

CVSS 5.5 | AI score 6.6 | EPSS 0.00703
Exploits: 1 | References: 4

RedHat Linux
added 2020/03/31 8:33 p.m. | 4 views

kernel: null-pointer dereference in hci_uart_set_flow_control

A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash...

CVSS 5.5 | AI score 6.6 | EPSS 0.00703
Exploits: 1 | References: 4

NVD
added 2020/03/20 6:15 p.m. | 9 views

CVE-2019-16258

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVSS 7.2 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 2

OSV
added 2020/03/20 6:15 p.m. | 1 view

CVE-2019-16258

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVSS 6.8 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 2

Prion
added 2020/03/20 6:15 p.m. | 21 views

Hardcoded credentials

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVSS 7.2 | AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/20 5:8 p.m. | 10 views

CVE-2019-16258

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

AI score 6.7 | EPSS 0.00119
Exploits: 0 | References: 2

CVE
added 2020/03/20 5:8 p.m. | 81 views

CVE-2019-16258

The CVE-2019-16258 issue affects the homee Brain Cube V2 bootloader up to version 2.23.0. Affected component: bootloader/U-Boot environment accessible via internal UART. Root access can be gained by attackers with physical access who manipulate the U-Boot environment through the CLI after connect...

CVSS 7.2 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/03/05 4:15 p.m. | 3 views

CVE-2020-8994

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI...

CVSS 6.8 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 3

Prion
added 2020/03/05 4:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI...

CVSS 7.2 | AI score 6.7 | EPSS 0.00188
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2020/03/05 3:43 p.m. | 61 views

CVE-2020-8994

The CVE-2020-8994 entry concerns Xiaomi AI Speaker MDZ-25-DT (firmware versions 1.34.36 and 1.40.14). A physical-access flaw allows an attacker to obtain a root shell by interfacing with UART, enabling reading of the Wi‑Fi SSID/password and dialogue text files, and using Text‑To‑Speech to imperso...

CVSS 7.2 | AI score 6.6 | EPSS 0.00188
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2020/01/06 9:15 p.m. | 3 views

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

CVSS 6.8 | AI score 6 | EPSS 0.00138
Exploits: 1 | References: 1

NVD
added 2020/01/06 9:15 p.m. | 14 views

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

CVSS 7.2 | AI score 6.9 | EPSS 0.00138
Exploits: 1 | References: 1

CVE
added 2020/01/06 8:31 p.m. | 124 views

CVE-2019-20348

CVE-2019-20348 affects OKER G232V1 devices (v1.03.02.20161129) where the boot UART serial interface exposes a root shell due to improper access control. The vulnerability allows an attacker with physical access to interrupt the boot sequence and execute arbitrary commands with root privileges, en...

CVSS 7.2 | AI score 6.9 | EPSS 0.00138
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/01/06 8:31 p.m. | 13 views

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

AI score 6.9 | EPSS 0.00138
Exploits: 1 | References: 1

ossfuzz
added 2019/12/12 2:43 p.m. | 13 views

openthread:ncp-uart-received-fuzzer: Stack-buffer-overflow in ot::MeshCoP::Commissioner::GeneratePskc

Project: https://github.com/openthread/openthread.git Detailed Report: https://oss-fuzz.com/testcase?key=5163475521503232 Project: openthread Fuzzing Engine: libFuzzer Fuzz Target: ncp-uart-received-fuzzer Job Type: libfuzzerasanopenthread Platform Id: linux Crash Type: Stack-buffer-overflow WRIT...

AI score 6.2
Exploits: 0 | Affected Software: 1

Prion
added 2019/12/12 2:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions with Function State FS 11, SIMATIC S7-200 SMART CPU CR20s 6E...

CVSS 4.6 | AI score 6.4 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 14

Cvelist
added 2019/12/12 1:19 p.m. | 14 views

CVE-2019-13945

A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions with Function State FS 11, SIMATIC S7-200 SMART CPU CR20s 6E...

AI score 6.3 | EPSS 0.00145
Exploits: 0 | References: 1

CVE
added 2019/12/12 1:19 p.m. | 61 views

CVE-2019-13945

The CVE-2019-13945 vulnerability affects Siemens SIMATIC S7-1200 and S7-200 SMART CPU families (multiple revisions and SIPLUS variants) and arises from an access mode during manufacturing that grants additional diagnostic functionality. An attacker with physical access to the UART interface durin...

CVSS 6.8 | AI score 6.3 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1