| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. |
| An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. |
| An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.) |
| An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). |
| An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface on the device. The telnet interface can then be used to obtain access to the device with root privileges via a reecam4debug default password. This default telnet password is the same across all Siime Eye devices. In order for the attack to be exploited, an attacker must be physically close in order to connect to the device's Wi-Fi access point. |
| The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. |
| The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. |
| The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. |
| The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. |
| The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. |
| The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution via a single invalid DNS response. |
| The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. |
| The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. |
| The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. |
| The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. |