Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iwpoint struct iwpoint has a 32bit hole on 64bit arches. struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / number of fields or size in bytes / u16 flags;...

EUVD-2025-202625

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

CVE-2022-33694

Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting...

CVE-2025-25431

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting XSS vulnerability via the The ssid key of wifidata parameter on the /captiveportal.htm page...

TRENDnet TEW-929DRU 安全漏洞

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the ssid key of the wifidata parameter on the /captiveportal.htm page, which...

PT-2023-32138 · Unknown · Shenzhen Reachfar

Name of the Vulnerable Software and Affected Versions: Shenzhen Reachfar version v28 Description: The issue allows a remote attacker to retrieve all the week's logs stored in the 'log2' directory, potentially exposing sensitive information such as remembered wifi networks, sent messages, SOS devi...

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app...

PT-2023-12650 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue allows for the preservation of WiFi settings due to residual data after a reset, potentially leading to local information disclosure without requiring additional execution...

CVE-2022-22266

Applicable to China models only Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission...

CVE-2022-22266

Applicable to China models only Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission...

USN-5116-2 linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information WiFi network traffic. CVE-2020-3702 Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not...

Information Disclosure Vulnerability in Multiple NETGEAR Products (CNVD-2020-33661)

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are a wireless WiFi device from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi An information...

Anker Nebula Capsule Pro Denial of Service Vulnerability

The Anker Nebula Capsule Pro is a projector device from Anker Innovations, USA. A security vulnerability exists in the Anker Nebula Capsule Pro NBUIM1V2.1.9 version. An attacker can exploit the vulnerability by sending data to the WifiService with the help of a specially crafted application to...

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...

Decision in Street View WiFi Case Could Hinder Some Security Research

The decision by the Ninth Circuit Court last week to allow the class-action suit against Google over its collection of WiFi data to continue was welcomed as good news by privacy advocates, but it may have considerable consequences for security researchers who collect such data during legitimate...