Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
home firmware vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2013-6948
The peerAddresses API in the Belkin WeMo Home Automation firmware prior to 3949 allows remote malicious users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) iss...
Belkin Wemo Home Automation Firmware 2769
9.3
CVSSv2
CVE-2013-6949
The Belkin WeMo Home Automation firmware prior to 3949 does not properly use the STUN and TURN protocols, which allows remote malicious users to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
Belkin Wemo Home Automation Firmware 2769
7.8
CVSSv2
CVE-2013-6950
The Belkin WeMo Home Automation firmware prior to 3949 does not use SSL for the distribution feed, which allows man-in-the-middle malicious users to install arbitrary firmware by spoofing a distribution server.
Belkin Wemo Home Automation Firmware 2769
7.1
CVSSv2
CVE-2013-6951
The Belkin WeMo Home Automation firmware prior to 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary X.509 certificate.
Belkin Wemo Home Automation Firmware 2769
10
CVSSv2
CVE-2013-6952
The Belkin WeMo Home Automation firmware prior to 3949 has a hardcoded GPG key, which makes it easier for remote malicious users to spoof firmware updates and execute arbitrary code via crafted signed data.
Belkin Wemo Home Automation Firmware 2769
7.5
CVSSv2
CVE-2001-1426
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote malicious users to change firmware versions or the device's configurations.
Alcatel Speed Touch Home Khdsaa.133
Alcatel Speed Touch Home Khdsaa.134
Alcatel Speed Touch Home Khdsaa.108
Alcatel Speed Touch Home Khdsaa.132
7.5
CVSSv2
CVE-2001-1424
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote malicious users to gain unauthorized access.
Alcatel Speed Touch Home Khdsaa.108
Alcatel Speed Touch Home Khdsaa.132
Alcatel Speed Touch Home Khdsaa.133
Alcatel Speed Touch Home Khdsaa.134
7.5
CVSSv2
CVE-2001-1425
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote malicious users to gain privileges by directly computing the response based on information that is provided by the device d...
Alcatel Speed Touch Home Khdsaa.108
Alcatel Speed Touch Home Khdsaa.134
Alcatel Speed Touch Home Khdsaa.132
Alcatel Speed Touch Home Khdsaa.133
3.3
CVSSv2
CVE-2019-17098
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an malicious user to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v...
August August Home
August Connect Wi-fi Bridge Firmware
7.5
CVSSv2
CVE-2001-1484
Alcatel ADSL modems allow remote malicious users to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Alcatel Speed Touch Adsl Modem Home
Alcatel Adsl Modem 1000
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »