Certvde
Products
6- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35084 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | ||
| CVE-2026-35082 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. | ||
| CVE-2025-41726 | Hig | 0.57 | 8.8 | 0.00 | Jan 27, 2026 | A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes. | ||
| CVE-2025-41684 | Hig | 0.57 | 8.8 | 0.01 | Jul 23, 2025 | An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting). | ||
| CVE-2025-41683 | Hig | 0.57 | 8.8 | 0.01 | Jul 23, 2025 | An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test). | ||
| CVE-2026-35081 | Hig | 0.53 | 8.1 | 0.00 | Jun 3, 2026 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. | ||
| CVE-2026-35079 | Hig | 0.53 | 8.1 | 0.00 | Jun 3, 2026 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||
| CVE-2026-35078 | Hig | 0.53 | 8.1 | 0.00 | Jun 3, 2026 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||
| CVE-2025-41727 | Hig | 0.51 | 7.8 | 0.00 | Jan 27, 2026 | A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. |
- risk 0.57cvss 8.8epss 0.00
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
- risk 0.57cvss 8.8epss 0.00
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
- risk 0.57cvss 8.8epss 0.00
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
- risk 0.57cvss 8.8epss 0.01
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).
- risk 0.57cvss 8.8epss 0.01
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).
- risk 0.53cvss 8.1epss 0.00
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
- risk 0.53cvss 8.1epss 0.00
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- risk 0.53cvss 8.1epss 0.00
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
- risk 0.51cvss 7.8epss 0.00
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.