VYPR

Bridge

by Qodeinteractive

CVEs (11)

  • CVE-2025-26410CriFeb 11, 2025
    risk 0.64cvss 9.8epss 0.01

    The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the…

  • CVE-2025-26411HigFeb 11, 2025
    risk 0.57cvss 8.8epss 0.01

    An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the…

  • CVE-2022-32510HigMay 14, 2024
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the…

  • CVE-2025-26409MedFeb 11, 2025
    risk 0.44cvss 6.8epss 0.00

    A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This…

  • CVE-2024-49311MedOct 17, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.

  • CVE-2024-9292MedOct 8, 2024
    risk 0.42cvss 6.4epss 0.00

    The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

  • CVE-2025-26408MedFeb 11, 2025
    risk 0.40cvss 6.1epss 0.00

    The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions…

  • CVE-2017-13138MedAug 23, 2017
    risk 0.40cvss 6.1epss 0.01

    DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.

  • CVE-2024-49312MedOct 17, 2024
    risk 0.32cvss 4.9epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.

  • CVE-2021-4399MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(),…

  • CVE-2019-20781Apr 29, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.