Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are
Unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account.
An unauthenticated remote attacker may use the device's traffic capture without authentication to grab plaintext administrative credentials.
CVE-2022-50981
CRITICAL CVSS 9.8
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.
During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
CVE-2025-59461
CRITICAL CVSS 9.8
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
CVE-2025-41651
CRITICAL CVSS 9.8
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface (endpoint event_mail
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell comman