VYPR
Vendor

T Mobile

Products
7
CVEs
14
Across products
16
Status
Private

Products

7

Recent CVEs

14
  • CVE-2025-9983HigSep 22, 2025
    risk 0.46cvss epss 0.01

    GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not…

  • CVE-2014-9583Jan 8, 2015
    risk 0.09cvss epss 0.81

    common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute…

  • CVE-2013-5948Apr 22, 2014
    risk 0.04cvss epss 0.09

    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

  • CVE-2018-15003Apr 25, 2019
    risk 0.00cvss epss 0.02

    The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys) Android devices contain a pre-installed platform app with a package name…

  • CVE-2018-14991Apr 25, 2019
    risk 0.00cvss epss 0.02

    The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build…

  • CVE-2018-14990Apr 25, 2019
    risk 0.00cvss epss 0.02

    The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build…

  • CVE-2014-2718Nov 4, 2014
    risk 0.00cvss epss 0.01

    ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle…

  • CVE-2014-6733Sep 26, 2014
    risk 0.00cvss epss 0.00

    The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2014-2925Apr 22, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

  • CVE-2014-2719Apr 22, 2014
    risk 0.00cvss epss 0.01

    Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

  • CVE-2013-1813Nov 23, 2013
    risk 0.00cvss epss 0.01

    util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

  • CVE-2012-2980Aug 21, 2012
    risk 0.00cvss epss 0.02

    The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer,…

  • CVE-2011-2716Jul 3, 2012
    risk 0.00cvss epss 0.02

    The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

  • CVE-2007-1823Apr 2, 2007
    risk 0.00cvss epss 0.02

    T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).