15 matches found
EUVD-2025-12371
Malicious code in bioql PyPI...
EUVD-2025-12376
Malicious code in bioql PyPI...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29659
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...
CVE-2025-29659
CVE-2025-29659 affects Yi IOT XY-3820, version 6.0.24.10. The vulnerability is a Remote Command Execution via the cmd_listen function in the cmd binary, with network access and no user interaction required (CVSS v3.1: 9.8, Critical). The reports do not specify a fixed version; a workaround sugges...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
PT-2025-17440 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: The issue concerns a Remote Command Execution vulnerability via the cmd listen function located in the cmd binary. This allows for unauthorized execution of commands, potentially leading to a full...
PT-2025-17441 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary...
Yi IOT XY-3820 安全漏洞
Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version v6.0.24.10, which stems from a lack of input validation of a TCP service exposed by the daemon on port 6789, which could lead to the execution of arbitrary scripts on the device...
Yi IOT XY-3820 安全漏洞
Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version 6.0.24.10, which stems from the cmdlisten function in the cmd binary being vulnerable to remote command execution attacks...