CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

CVE-2025-9315 Unauthenticated Device Registration Vulnerability in MXsecurity Series

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

Moxa MXsecurity Series 安全漏洞

Moxa MXsecurity Series is an industrial network security management software platform from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa MXsecurity Series that stems from improperly controlled modification of dynamically determined object attributes, which could lead ...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

CVE-2022-45432

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Serve...

CVE-2021-27780

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment...

Information disclosure

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment...

CVE-2021-27780

CVE-2021-27780 affects HCL Technologies BigFix Mobile/Modern Client Management (versions v1.x, v2.0). The root cause is improper handling of XML interfaces in unauthenticated contexts, enabling Un-Auth XML interaction and unauthenticated device enrollment. Impact described in sources includes una...

Korenix Technology JetWave CSRF / Command Injection / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Korenix Technology JetWave products: JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, JetWave 3220 vulnerable version...

Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Korenix Technology products: Korenix: JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet...

CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

UBUNTU-CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

Bluetooth Core Specification 信息泄露漏洞

The Bluetooth Core Specification is a specification. Defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. It is overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced by the...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot (DoS)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

CVE-2020-12500

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions allows unauthenticated device administration...

CVE-2020-12500 Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions allows unauthenticated device administration...

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0, Websocket/13 RFC 6455 Affected firmware version: V1.01-0bb5b27...

FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation

Summary FLIR TrafiOne is an all-round detection sensor for traffic monitoring and dynamic traffic signal control. Offered in a compact and affordable package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to adapt traffic signals based on the presence detection of vehicles, bicycles...