Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.
e98dce221232e53adca554fe3cd6ed0d46d0caac22afced67ae352d9d304056c
Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.
c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889b
Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.
a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2
Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities.
156682e9b1ae64a09507acbd8e4e2825d7de53ca1c3540e8c214b7b38fbd68ac
This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.
fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381f
Multiple versions of Korenix JetWave suffer from authenticated command injection and denial of service vulnerabilities.
855f389543c13d74be1ffa1c20556605349c2e7c25c9e761aad4692ec6b41a9d
Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.
ed99477c42e93bd1a34f1bac91b2dd83464752e9e6c54a967155fd881bf63c70
Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.
52f6f8745199afbfc55428bee6dbae1fbbe91da63778b61a0ac8bf89593b7906
Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.
c011ce849673992de02ffa60ff745be7e4efb5d267d29dec7c008d33777fc8a8
Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.
902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471
Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.
4849e99df805e1eb9050864513716a8f55def09fca9fc5b0dddcaa19077b0b61
COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.
548515ca72e9a559204cae299150309e86e1f034ccca3a9cd876a5da99d81eb2
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.
811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.
1688a18cca9d3b422b451318fd542b12535ebb6ef1eb8f23ae56ff707d1b4659
Korenix JetPort 5601V3 with firmware version 1.0 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time.
3e2603282fec3712a00d6e06e97b774d59453da271d200dfc02c1517bb7fec06
Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download.
7f0a0ec0c017ac5bb71670246359ab27291e0f6543e3a3b66f3b4ecf9cd874dc
Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.
0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated TFTP action vulnerabilities.
5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4
Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.
91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39
Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.
04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343
Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated TFTP actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.
2ab15e19675a05aaabcb76dc1553dadb6ceb96917b39bbdccdfbeaba3666a535
Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.
c88a68158caf9f8c370f593f1564b9bdfdae8e3ee99f70f86114b5c91c83c7b8
ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.
2ad4c83e851b5a6d905cd41028173a338d0361610fcbc55e00ab71b116573c19
RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated TFTP action vulnerabilities. Multiple versions are affected.
8442cf2977502cf345c9cdeea5392c4f9553884f014a51ece6c87fa179154e17
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting, and BusyBox vulnerabilities.
e25651886495730ba652afb5121baaf7e7f37336a3e296f81df774de5fa1a7b8