Bridge
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26410 |  | Cri | 0.64 | 9.8 | 0.01 |  | Feb 11, 2025 | The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the… |
| CVE-2025-26411 |  | Hig | 0.57 | 8.8 | 0.01 |  | Feb 11, 2025 | An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the… |
| CVE-2022-32510 |  | Hig | 0.46 | 7.1 | 0.00 |  | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the… |
| CVE-2025-26409 |  | Med | 0.44 | 6.8 | 0.00 |  | Feb 11, 2025 | A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This… |
| CVE-2024-49311 |  | Med | 0.42 | 6.5 | 0.00 |  | Oct 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Stored XSS. This issue affects Edwiser Bridge: from n/a through <= 3.0.7. |
| CVE-2024-9292 |  | Med | 0.42 | 6.4 | 0.00 |  | Oct 8, 2024 | The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated… |
| CVE-2025-26408 |  | Med | 0.40 | 6.1 | 0.00 |  | Feb 11, 2025 | The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions… |
| CVE-2017-13138 |  | Med | 0.40 | 6.1 | 0.01 |  | Aug 23, 2017 | DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. |
| CVE-2024-49312 |  | Med | 0.32 | 4.9 | 0.00 |  | Oct 17, 2024 | Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge. This issue affects Edwiser Bridge: from n/a through <= 3.0.7. |
| CVE-2021-4399 |  | Med | 0.28 | 4.3 | 0.00 |  | Jul 1, 2023 | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(),… |
| CVE-2019-20781 |  |  | 0.00 | — | 0.00 |  | Apr 29, 2020 | An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. |