Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3843 | 1 Wago | 2 852-111\/000-001, 852-111\/000-001 Firmware | 2025-03-18 | 9.1 Critical |
| In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | ||||
| CVE-2023-24108 | 1 Zetacomponenets | 1 Mvctools | 2025-03-13 | 9.8 Critical |
| MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | ||||
| CVE-2025-27840 | 1 Espressif | 2 Esp32, Esp32 Firmware | 2025-03-12 | 6.8 Medium |
| Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). | ||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
| CVE-2025-0626 | 2025-03-01 | 7.5 High | ||
| The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device. | ||||
| CVE-2022-38452 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2025-02-26 | 7.2 High |
| A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2025-1204 | 2025-02-25 | N/A | ||
| The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device. | ||||
| CVE-2021-25371 | 1 Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2025-02-14 | 6.1 Medium |
| A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | ||||
| CVE-2025-0675 | 2025-02-12 | 7.5 High | ||
| Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. | ||||
| CVE-2023-25183 | 1 Snapone | 2 Orvc, Ovrc-300-pro | 2025-01-16 | 8.3 High |
| In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | ||||
| CVE-2024-39754 | 2025-01-14 | 10 Critical | ||
| A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2024-28011 | 1 Nec | 59 Aterm Cr2500p Firmware, Aterm Mr01ln Firmware, Aterm Mr02ln Firmware and 56 more | 2025-01-14 | 9.8 Critical |
| Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet | ||||
| CVE-2024-13062 | 2025-01-06 | 7.2 High | ||
| An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | ||||
| CVE-2024-10773 | 1 Sick | 3 Inspector61x Firmware, Inspector62x Firmware, Tim3xx | 2024-12-09 | 9 Critical |
| The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | ||||
| CVE-2024-5514 | 1 Minmax | 1 Minmax | 2024-11-25 | 9.8 Critical |
| MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. | ||||
| CVE-2024-6045 | 1 Dlink | 15 E15 Firmware, E30 Firmware, G403 Firmware and 12 more | 2024-11-21 | 8.8 High |
| Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware. | ||||
| CVE-2024-5633 | 2024-11-21 | N/A | ||
| Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device. | ||||
| CVE-2024-3016 | 2024-11-21 | 9.1 Critical | ||
| NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated user. | ||||
| CVE-2024-33583 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 3.3 Low |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment. | ||||
| CVE-2024-22044 | 2024-11-21 | 7.5 High | ||
| A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. | ||||