There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verifi
An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. The lack of a length
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalati
Information disclosure while processing information on firmware image during core initialization.
Memory Corruption when processing IOCTLs for JPEG data without verification.
Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code executi
Transient DOS while creating NDP instance.
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions.
Transient DOS while processing a registration acceptance OTA due to incorrect ciphering key data IE.
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
Memory corruption while reading secure file.
Memory corruption during session sign renewal request calls in HLOS.
Transient DOS when processing a received frame with an excessively large authentication information element.
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.