Honeywell多款产品 访问控制错误漏洞

Honeywell I-HIB2PI-UL 2MP, etc., are products of the American company Honeywell. The Honeywell I-HIB2PI-UL 2MP is an infrared dome camera. The Honeywell SMB NDAA MVO-3 is an infrared gimbal camera. The Honeywell PTZ WDR 2MP 32M is a series of night vision cameras. Several Honeywell products have...

EUVD-2025-36784

Malicious code in wdr-beam npm...

MAL-2025-49065 Malicious code in wdr-beam (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16487b4b3ab32616874e0d9510ebc6c9ebf957bccdd7bfe6e84d60e0d1b89cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview wdr-beam is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in wdr-beam (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16487b4b3ab32616874e0d9510ebc6c9ebf957bccdd7bfe6e84d60e0d1b89cf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2021-25641

Malware in sbrugna...

CVE-2023-27387

Cross-site request forgery CSRF in T Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T Corporation data logger products...

CVE-2021-39279

Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...

CVE-2021-39278

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3...

CVE-2020-28877

Buffer overflow in in the copymsgelement function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N...

CVE-2019-6487

TP-Link WDR Series devices through firmware v3 such as TL-WDR5620 V3.0 are affected by command injection after login leading to remote code execution, because shell metacharacters can be included in the weather getweatherobserve citycode field...

CVE-2023-27387

Cross-site request forgery CSRF in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger...

ESPEC MIC多款产品跨站脚本漏洞

ESPEC MIC RT-12N and others are an environmental sensor from ESPEC MIC. A security vulnerability exists in several ESPEC MIC products, which can be exploited by an attacker to execute arbitrary scripts on a logged-in user's web browser. The following products and versions are affected: ESPEC MIC:...

The vulnerability of the microprogramming software used in industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software used in wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and AWK-1137C models, is related to improper verification of the cryptographic signature. This vulnerability allows attackers to perform cross-site scripting attacks.

The vulnerability of the microprogramming software used in industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software used in wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and...

The vulnerability of the microprogramming software used in industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software used in wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and AWK-1137C models, is related to the unencrypted storage of critical information. This vulnerability allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the microprogramming software used in industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software used in wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and...

The vulnerability of the web interface of the microprogramming software for industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software for wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and AWK-1137C models, allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface of microprogramming software for industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as of microprogramming software for wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A,...

CVE-2021-39279

Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...

CVE-2021-39278

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3...

Command injection

Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...

CVE-2021-39279

Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...