Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): firmware
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4466 |
A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259. Published: December 29, 2023; 5:15:12 AM -0500 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-51363 |
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. Published: December 26, 2023; 3:15:11 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-46711 |
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. Published: December 26, 2023; 3:15:10 AM -0500 |
V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2023-46681 |
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command. Published: December 26, 2023; 3:15:10 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-45741 |
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. Published: December 26, 2023; 3:15:10 AM -0500 |
V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2023-5962 |
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. Published: December 23, 2023; 4:15:08 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-5961 |
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. Published: December 23, 2023; 4:15:07 AM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-50147 |
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Published: December 22, 2023; 2:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-33220 |
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Published: December 15, 2023; 7:15:43 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-33217 |
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer Published: December 15, 2023; 6:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-0248 |
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. Published: December 14, 2023; 4:15:07 PM -0500 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-5630 |
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. Published: December 14, 2023; 12:15:13 AM -0500 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-46456 |
In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Published: December 12, 2023; 10:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46455 |
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. Published: December 12, 2023; 10:15:07 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46454 |
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. Published: December 12, 2023; 10:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-42784 |
A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version. Published: December 12, 2023; 5:15:09 AM -0500 |
V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2023-48411 |
In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. Published: December 08, 2023; 11:15:18 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-48408 |
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. Published: December 08, 2023; 11:15:17 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-48406 |
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Published: December 08, 2023; 11:15:17 AM -0500 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-48399 |
In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. Published: December 08, 2023; 11:15:16 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |