Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.
c88a68158caf9f8c370f593f1564b9bdfdae8e3ee99f70f86114b5c91c83c7b8
ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.
2ad4c83e851b5a6d905cd41028173a338d0361610fcbc55e00ab71b116573c19
RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.
8442cf2977502cf345c9cdeea5392c4f9553884f014a51ece6c87fa179154e17
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.
e25651886495730ba652afb5121baaf7e7f37336a3e296f81df774de5fa1a7b8
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
4f066c4a8cdc5c194bf13e721d902a077e402bf503eb72e35b7aa253ae12cbc4
Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities.
6f24b76996588394fbb94967f5b0e8467cbff9441ecfb4f651c76018dfc935d1
Fronius Solar Inverter Series with software versions below 3.14.1 (HM 1.12.1) suffers from unencrypted communication and path traversal vulnerabilities.
46d07c50a50a38d3e72edbdb05e75639eec82b51138aa67ce7d11c6db7954113
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817
Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.
d1f54ec01ba5b00cfa34a2d4469ebf60d85f134038071b4ccda0eb845965f314
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.
d8f9966f1cf6cfdad043939000c11dc5d57af44b55eeecde1c7d7957838c81b4
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65
Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.
9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1
WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffers from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.
4ddfd7e4aeded2b9a09503c3772f049b2865f8a9549663d294404fbb6dff2c0a
Vgate iCar2 WiFi OBD2 dongles suffer from having unprotected WiFi access and unencrypted data transfer mechanisms alongside unauthenticated access to on-board diagnostics.
bd3bbe4b860b8670cff9df02a11d912d9ac2b5fc349324356a7837a8af5e447b
Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.
70cc9aaccabd73574249df6071fa934b5a0458febf8117a3a9555126bb2a51d1
TestLink Open Source Test Management versions prior to 1.9.17 suffer from an insecure direct object reference.
0910df37fb4c03268b6c09f2acdee5ba8b437d90519a496c092a0421442672d9
Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.
dbe54c5ea42b2b718d2e52d43f2a94c9324fceea90c90f40ef71e0110a6e0d24
WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.
2c11a47b7528a16c740e127eb7874b0b322256809e96287c94d0d4c80bcc54cf
Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.
e66d718a08baa524af05c5de1f9b57d9611d9454de19eb2da59eee56654ed6a8
Ubiquiti Networks UniFi Cloud Key with firmware versions 0.6.4 and below suffers from an authenticated command injection vulnerability.
defe62d41ae432d3349f7dfd03f86ba7dc55eff1d75efec162ec8e57dfb2add1
Ubiquiti Networks UniFi Cloud Key with firmware version 0.6.1 suffers from an authenticated command injection vulnerability.
b1d682f1fd9cfb123f3a27a3343c95e2a7ba06181c803421e10e7165845b5f8b
Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffers from weak crypto, privilege escalation, and command injection vulnerabilities.
ff7df61d3c20ef698eeacd98caa047a8dc5114df5d8ba8103bd56c8c1fd454e9
KATHREIN UFSconnect 916 and 906 with firmware version 2.23 build 224 suffer from denial of service and unauthenticated access vulnerabilities.
d34e42d46978401f5571e9b56b01a873a736e3891811d9f953a96ac17a8a227b
Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.
d949ab82fa820e019e252e34b09b9796b3377a6125992b6741bbffca256e68f7
Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.
ee8734a3380cb25e9501ce4ed4a9ee0bd8e9edf795998ee4d8a0ad875a88622b