Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.
Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges th
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclos
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communication
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attacker
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without p
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection.
During the initialization process, a user has
A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root vi
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'add
A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT3
A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network a
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, una
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alt
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted H
Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker wi
Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read op
Page 1+ Next →