Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
home firmware vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
9.3
CVSSv2
CVE-2015-6033
Qolsys IQ Panel (aka QOL) prior to 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle malicious users to bypass intended access restrictions via a modified update.
Qolsys Iq Panel
9.3
CVSSv2
CVE-2015-6032
Qolsys IQ Panel (aka QOL) prior to 1.5.1 has hardcoded cryptographic keys, which allows remote malicious users to create digital signatures for code by leveraging knowledge of a key from a different installation.
Qolsys Iq Panel
NA
CVE-2024-27287
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on)...
6.8
CVSSv2
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow remote malicious users to cause a denial of service (memory corruption and applica...
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1e
10
CVSSv2
CVE-2015-5995
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote malicious users to obtain administrative access via a certain admin substring in an HTTP Cookie header.
Tenda N3 Wireless N150
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
2 Github repositories
7.9
CVSSv2
CVE-2015-5994
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote malicious users to obtain administrative privil...
Mediabridge Medialink Mwn-wapr300n Firmware
6.8
CVSSv2
CVE-2015-5996
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote malicious users to hijack the authentication of arbitrary users.
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
4.3
CVSSv2
CVE-2015-7276
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
Technicolor C2000t Firmware -
Technicolor C2100t Firmware -
1 Article
NA
CVE-2015-8260
CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEsResearch by Stefan Viehbཬk of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked ...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »