Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1741 | 2026-02-03 | 6.8 MEDIUM | 6.6 MEDIUM | ||
|
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond i ...
Show More |
|||||
| CVE-2025-55704 | 2026-01-29 | N/A | 5.3 MEDIUM | ||
|
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.
|
|||||
| CVE-2025-2894 | 1 Unitree | 2 Go1, Go1 Firmware | 2026-01-12 | N/A | 6.6 MEDIUM |
|
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
|
|||||
| CVE-2025-11544 | 2025-12-23 | N/A | N/A | ||
|
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
|
|||||
| CVE-2023-24108 | 1 Zetacomponents | 1 Mvctools | 2025-12-05 | N/A | 9.8 CRITICAL |
|
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
|
|||||
| CVE-2025-47729 | 1 Telemessage | 1 Text Message Archiver | 2025-11-05 | N/A | 1.9 LOW |
|
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
|
|||||
| CVE-2025-48416 | 2025-11-03 | N/A | 8.1 HIGH | ||
|
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
|
|||||
| CVE-2021-25371 | 1 Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2025-10-30 | 7.2 HIGH | 6.1 MEDIUM |
|
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
|
|||||
| CVE-2024-20439 | 1 Cisco | 1 Smart License Utility | 2025-10-28 | N/A | 9.8 CRITICAL |
|
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential.
This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights ove ...
Show More |
|||||
| CVE-2025-62773 | 2025-10-22 | N/A | 2.4 LOW | ||
|
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator.
|
|||||
| CVE-2025-58778 | 2025-10-16 | N/A | 7.2 HIGH | ||
|
Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.
|
|||||
| CVE-2025-11673 | 2025-10-14 | N/A | 7.2 HIGH | ||
|
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
|
|||||
| CVE-2025-8938 | 1 Totolink | 2 N350r, N350r Firmware | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-28011 | 1 Nec | 118 Aterm Cr2500p, Aterm Cr2500p Firmware, Aterm Mr01ln and 115 more | 2025-09-29 | N/A | 9.8 CRITICAL |
|
Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850 ...
Show More |
|||||
| CVE-2010-20103 | 1 Proftpd | 1 Proftpd | 2025-09-24 | N/A | 9.8 CRITICAL |
|
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
|
|||||
| CVE-2025-55075 | 2025-09-17 | N/A | 4.9 MEDIUM | ||
|
Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.
|
|||||
| CVE-2025-30064 | 2025-08-29 | N/A | N/A | ||
|
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.
|
|||||
| CVE-2025-9382 | 2025-08-25 | 6.2 MEDIUM | 6.4 MEDIUM | ||
|
A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Sevice. Executing manipulation can lead to backdoor. The physical device can be targeted for the attack. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosur ...
Show More |
|||||
| CVE-2024-39754 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 10.0 CRITICAL |
|
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.
|
|||||
| CVE-2011-10018 | 1 Mybb | 1 Mybb | 2025-08-14 | N/A | 9.8 CRITICAL |
|
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
|
|||||
| CVE-2025-46267 | 2025-07-22 | N/A | 4.9 MEDIUM | ||
|
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.
|
|||||
| CVE-2025-34117 | 2025-07-17 | N/A | N/A | ||
|
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device ...
Show More |
|||||
| CVE-2025-6839 | 2025-06-30 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-26412 | 2025-06-18 | N/A | 6.8 MEDIUM | ||
|
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands.
|
|||||
| CVE-2022-46997 | 1 Passhunt Project | 1 Passhunt | 2025-04-21 | N/A | 9.8 CRITICAL |
|
Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-46996 | 1 Vsphere Selfuse Project | 1 Vsphere Selfuse | 2025-04-21 | N/A | 9.8 CRITICAL |
|
vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
|
|||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
|
The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.
|
|||||
| CVE-2025-32370 | 1 Kentico | 1 Xperience | 2025-04-08 | N/A | 7.2 HIGH |
|
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.
|
|||||
| CVE-2023-22316 | 1 Pixela | 2 Pix-rt100, Pix-rt100 Firmware | 2025-04-04 | N/A | 6.5 MEDIUM |
|
Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services.
|
|||||
| CVE-2022-47767 | 1 Solar-log | 18 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 15 more | 2025-04-01 | N/A | 9.8 CRITICAL |
|
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
|
|||||
| CVE-2025-27840 | 1 Espressif | 2 Esp32, Esp32 Firmware | 2025-03-12 | N/A | 6.8 MEDIUM |
|
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
|
|||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 5.3 MEDIUM |
|
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
|
|||||
| CVE-2025-0626 | 2025-03-01 | N/A | 7.5 HIGH | ||
|
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
|
|||||
| CVE-2025-1204 | 2025-02-25 | N/A | N/A | ||
|
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.
|
|||||
| CVE-2025-0675 | 2025-02-07 | N/A | 7.5 HIGH | ||
|
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
|
|||||
| CVE-2024-13062 | 2025-01-02 | N/A | 7.2 HIGH | ||
|
An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.
Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
|
|||||
| CVE-2024-10773 | 2024-12-06 | N/A | 9.0 CRITICAL | ||
|
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain
full access to the device.
|
|||||
| CVE-2024-5514 | 2024-11-25 | N/A | 9.8 CRITICAL | ||
|
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
|
|||||
| CVE-2024-6045 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
|
|||||
| CVE-2024-5633 | 2024-11-21 | N/A | N/A | ||
|
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.
An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.
|
|||||