Csaf
by Cisagov
Source repositories
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58083 | Cri | 0.65 | 10.0 | 0.01 | Nov 15, 2025 | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. | ||
| CVE-2026-28742 | Cri | 0.64 | 9.8 | 0.00 | Jun 12, 2026 | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence… | ||
| CVE-2026-7786 | Cri | 0.64 | 9.8 | 0.00 | May 29, 2026 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device… | ||
| CVE-2026-7251 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the… | ||
| CVE-2026-25775 | Cri | 0.64 | 9.8 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,… | ||
| CVE-2025-64130 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. | ||
| CVE-2025-54807 | Cri | 0.64 | 9.8 | 0.01 | Sep 18, 2025 | The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system. | ||
| CVE-2026-5386 | Cri | 0.59 | 9.1 | 0.01 | May 29, 2026 | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings. | ||
| CVE-2026-8598 | Cri | 0.59 | 9.1 | 0.01 | May 20, 2026 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials. | ||
| CVE-2026-42947 | Hig | 0.57 | 8.8 | 0.00 | Jun 12, 2026 | A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker… | ||
| CVE-2026-5768 | Hig | 0.57 | 8.8 | 0.00 | May 29, 2026 | The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping… | ||
| CVE-2026-6824 | Hig | 0.55 | 8.4 | 0.00 | May 29, 2026 | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend.… | ||
| CVE-2026-42941 | Hig | 0.54 | 8.3 | 0.00 | May 29, 2026 | The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. | ||
| CVE-2026-42929 | Hig | 0.54 | 8.3 | 0.00 | May 29, 2026 | Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. | ||
| CVE-2026-50101 | Hig | 0.53 | 8.1 | 0.00 | Jun 12, 2026 | Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any… | ||
| CVE-2025-12659 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. | ||
| CVE-2025-49848 | Hig | 0.51 | 7.8 | 0.00 | Jun 17, 2025 | An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of… | ||
| CVE-2026-50245 | Hig | 0.50 | 7.7 | 0.00 | Jun 11, 2026 | Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed. | ||
| CVE-2026-50005 | Hig | 0.50 | 7.7 | 0.00 | Jun 11, 2026 | Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. | ||
| CVE-2026-50108 | Hig | 0.49 | 7.5 | 0.00 | Jun 12, 2026 | The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary… |
- risk 0.65cvss 10.0epss 0.01
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
- risk 0.64cvss 9.8epss 0.00
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence…
- risk 0.64cvss 9.8epss 0.00
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device…
- risk 0.64cvss 9.8epss 0.01
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the…
- risk 0.64cvss 9.8epss 0.00
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,…
- risk 0.64cvss 9.8epss 0.01
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
- risk 0.64cvss 9.8epss 0.01
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
- risk 0.59cvss 9.1epss 0.01
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
- risk 0.59cvss 9.1epss 0.01
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
- risk 0.57cvss 8.8epss 0.00
A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker…
- risk 0.57cvss 8.8epss 0.00
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping…
- risk 0.55cvss 8.4epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend.…
- risk 0.54cvss 8.3epss 0.00
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
- risk 0.54cvss 8.3epss 0.00
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
- risk 0.53cvss 8.1epss 0.00
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any…
- risk 0.51cvss 7.8epss 0.00
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of…
- risk 0.50cvss 7.7epss 0.00
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
- risk 0.50cvss 7.7epss 0.00
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
- risk 0.49cvss 7.5epss 0.00
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary…
Page 1 of 2