Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
home firmware vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-13772
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
Tp-link Wr940n Firmware -
1 EDB exploit
1 Github repository
1 Article
7.5
CVSSv3
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
NA
CVE-2015-6032
Qolsys IQ Panel (aka QOL) prior to 1.5.1 has hardcoded cryptographic keys, which allows remote malicious users to create digital signatures for code by leveraging knowledge of a key from a different installation.
Qolsys Iq Panel
NA
CVE-2015-6033
Qolsys IQ Panel (aka QOL) prior to 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle malicious users to bypass intended access restrictions via a modified update.
Qolsys Iq Panel
NA
CVE-2024-27287
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on)...
NA
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow remote malicious users to cause a denial of service (memory corruption and applica...
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1e
9.8
CVSSv3
CVE-2015-5995
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote malicious users to obtain administrative access via a certain admin substring in an HTTP Cookie header.
Tenda N3 Wireless N150
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
2 Github repositories
6.8
CVSSv3
CVE-2015-5994
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote malicious users to obtain administrative privil...
Mediabridge Medialink Mwn-wapr300n Firmware
8.8
CVSSv3
CVE-2015-5996
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote malicious users to hijack the authentication of arbitrary users.
Mediabridge Medialink Mwn-wapr300n Firmware
1 EDB exploit
5.9
CVSSv3
CVE-2015-7276
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
Technicolor C2000t Firmware -
Technicolor C2100t Firmware -
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »