U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): firmware
  • Search Type: Search All
There are 4,330 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2023-6398

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

Published: February 19, 2024; 9:15:49 PM -0500
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

Published: February 19, 2024; 9:15:48 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-22727

Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.

Published: February 16, 2024; 11:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-31728

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.

Published: February 16, 2024; 11:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-23591

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.

Published: February 16, 2024; 12:15:08 PM -0500
V3.1: 2.0 LOW
V2.0:(not available)
CVE-2022-48220

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Published: February 14, 2024; 6:15:08 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2022-48219

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Published: February 14, 2024; 6:15:07 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-32280

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Published: February 14, 2024; 9:15:50 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-31189

Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access.

Published: February 14, 2024; 9:15:50 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-29153

Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.

Published: February 14, 2024; 9:15:49 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-28396

Improper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access.

Published: February 14, 2024; 9:15:47 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-31347

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  

Published: February 13, 2024; 3:15:52 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Published: February 13, 2024; 3:15:52 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-23811

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.

Published: February 13, 2024; 4:15:49 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-25360

A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.

Published: February 12, 2024; 11:15:08 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2024-22394

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

Published: February 07, 2024; 9:15:07 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-43533

Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

Published: February 06, 2024; 1:16:02 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-43516

Memory corruption when malformed message payload is received from firmware.

Published: February 06, 2024; 1:16:01 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-0244

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

Published: February 05, 2024; 8:15:09 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-6234

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Published: February 05, 2024; 8:15:09 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)