Vulmon
home firmware vulnerabilities and exploits
891
VMScore
CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
Crestron Airmedia Am-100 Firmware
3 Github repositories
505
VMScore
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
828
VMScore
CVE-2015-6032
Qolsys IQ Panel (aka QOL) prior to 1.5.1 has hardcoded cryptographic keys, which allows remote malicious users to create digital signatures for code by leveraging knowledge of a key from a different installation.
Qolsys Iq Panel
828
VMScore
CVE-2015-6033
Qolsys IQ Panel (aka QOL) prior to 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle malicious users to bypass intended access restrictions via a modified update.
Qolsys Iq Panel
NA
CVE-2024-27287
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on)...
605
VMScore
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow remote malicious users to cause a denial of service (memory corruption and applica...
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1e
1000
VMScore
CVE-2015-5995
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote malicious users to obtain administrative access via a certain admin substring in an HTTP Cookie header.
Tenda N3 Wireless N150
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
2 Github repositories
703
VMScore
CVE-2015-5994
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote malicious users to obtain administrative privil...
Mediabridge Medialink Mwn-wapr300n Firmware
685
VMScore
CVE-2015-5996
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote malicious users to hijack the authentication of arbitrary users.
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
NA
CVE-2015-8260
CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEs. Research by Stefan Viehböck of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked ...