CVE-2025-6563

MikroTik RouterOS has a cross-site scripting (XSS) vulnerability in the hotspot component for versions below 7.19.2. The issue stems from improper handling of the destination URL parameter (dst), allowing an attacker to inject a javascript: payload. When a user visits the crafted login URL and au...

OPPO Clone Phone 信息泄露漏洞

OPPO Clone Phone is a cell phone cloning application from the Chinese company OPPO. OPPO Clone Phone suffers from an information leakage vulnerability that originates from the use of a weak password WiFi hotspot to transfer files resulting in information leakage...

CVE-2025-2765

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...

CVE-2025-2765

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...

CVE-2025-2765

CVE-2025-2765 affects CarlinKit CPC200-CCPA Wireless Hotspot. The vulnerability is a hard-coded credential issue in the hotspot configuration that enables authentication bypass by network-adjacent attackers with no user interaction. Multiple sources (ZDI advisory ZDI-25-177, Red Hat, CVEs listing...

CVE-2025-2765 CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...

CarlinKit CPC200-CCPA 信任管理问题漏洞

The CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a trust management issue vulnerability that stems from the use of hard-coded credentials in wireless hotspots, which could lead to authentication bypass...

PT-2025-12841 · Carlinkit · Carlinkit Cpc200-Ccpa Wireless Hotspot

Name of the Vulnerable Software and Affected Versions: CarlinKit CPC200-CCPA Wireless Hotspot affected versions not specified Description: The issue concerns a hard-coded credentials authentication bypass vulnerability in the CarlinKit CPC200-CCPA Wireless Hotspot. This allows for unauthorized...

Microsoft Windows Local Elevation of Privilege Vulnerability (CNVD-2016-07926)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A lock screen elevation of privilege vulnerability exists in Microsoft Windows that originates from a program error that allows loading of web content from the Windows lock screen. An attacker in close...

CVE-2016-1491

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...

[TEHTRI-Security] Security and iPhone iOS 4.3 Personal Hotspot feature

Gents, Here is a tiny mail dealing with the new feature of the iPhone 4 with iOS 4.3, which turns it into a Wireless Hotspot in order to share your 3G session through a WLAN. We wanted to share a quick geeky and security overview of this awesome functionality. Basically, we only found one tiny...