Skip to main content

Firmware

11 CVEs product

Monthly

CVE-2026-11405 CRITICAL NEWS Act Now

Authentication bypass in Tenda router firmware (AC10, AC5, AC6, FH1201, W15E) lets any user log in as administrator via a hidden vendor backdoor: after normal MD5-based login fails, the /bin/httpd login() routine at 0x4c88b8 falls back to a plaintext strcmp() against the 'sys.rzadmin.password' config value, granting role=2 (admin) with any username. Reported through CERT/CC (VU#213560), it is not in CISA KEV and has no public exploit identified at time of analysis, with a low EPSS score of 0.24% (15th percentile). The flaw is a classic CWE-912 hidden-functionality backdoor mapped to CVSS 9.8.

Information Disclosure Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-7415 CRITICAL Act Now

Anonymous MQTT access in Yarbo firmware v2.3.9 allows remote unauthenticated attackers on the local network to fully control the robotic lawn mower and exfiltrate sensitive telemetry data. The embedded MQTT broker accepts connections without credentials and enforces no topic-level access controls, enabling arbitrary publish/subscribe operations. No authentication, authorization, or message validation occurs. EPSS and KEV data not available; exploitation requires only network access to the robot's MQTT port (typically TCP 1883).

Authentication Bypass Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7414 CRITICAL Act Now

Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device administrative access across all deployed units. The CVSS 9.8 critical score reflects the complete lack of authentication barriers (AV:N/AC:L/PR:N), with identical credentials embedded in every device that cannot be changed by end users. No active exploitation has been confirmed by CISA KEV, but a public GitHub repository reference suggests potential proof-of-concept availability. EPSS data unavailable, though the trivial exploitation path (no complexity, no privileges required) indicates high weaponization potential once credentials become widely known.

Authentication Bypass Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-7413 HIGH This Week

Undocumented persistent backdoor in Yarbo firmware v2.3.9 grants remote privileged access that survives factory reset and firmware updates. The backdoor requires high-privilege authentication (CVSS PR:H) but provides complete system control once accessed. No public exploit identified at time of analysis, though GitHub repository reference suggests technical disclosure exists. CVSS 7.2 reflects the high-privilege requirement, but persistence across resets and undocumented nature indicate significant supply chain or insider threat risk.

Information Disclosure Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2016-6257 MEDIUM This Month

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lenovo Firmware Km714 Firmware Km632 Firmware +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2014-8657 MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

Denial Of Service Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.9%
CVE-2014-8656 CRITICAL POC THREAT Emergency

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.

Authentication Bypass Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
15.6%
Threat
4.0
CVE-2014-8655 MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Privilege Escalation Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.4%
CVE-2014-8654 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-8653 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.

XSS Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.8%
CVE-2013-2645 CRITICAL POC Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF TP-Link Firmware
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
0.5%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in Tenda router firmware (AC10, AC5, AC6, FH1201, W15E) lets any user log in as administrator via a hidden vendor backdoor: after normal MD5-based login fails, the /bin/httpd login() routine at 0x4c88b8 falls back to a plaintext strcmp() against the 'sys.rzadmin.password' config value, granting role=2 (admin) with any username. Reported through CERT/CC (VU#213560), it is not in CISA KEV and has no public exploit identified at time of analysis, with a low EPSS score of 0.24% (15th percentile). The flaw is a classic CWE-912 hidden-functionality backdoor mapped to CVSS 9.8.

Information Disclosure Firmware
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Anonymous MQTT access in Yarbo firmware v2.3.9 allows remote unauthenticated attackers on the local network to fully control the robotic lawn mower and exfiltrate sensitive telemetry data. The embedded MQTT broker accepts connections without credentials and enforces no topic-level access controls, enabling arbitrary publish/subscribe operations. No authentication, authorization, or message validation occurs. EPSS and KEV data not available; exploitation requires only network access to the robot's MQTT port (typically TCP 1883).

Authentication Bypass Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device administrative access across all deployed units. The CVSS 9.8 critical score reflects the complete lack of authentication barriers (AV:N/AC:L/PR:N), with identical credentials embedded in every device that cannot be changed by end users. No active exploitation has been confirmed by CISA KEV, but a public GitHub repository reference suggests potential proof-of-concept availability. EPSS data unavailable, though the trivial exploitation path (no complexity, no privileges required) indicates high weaponization potential once credentials become widely known.

Authentication Bypass Firmware
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Undocumented persistent backdoor in Yarbo firmware v2.3.9 grants remote privileged access that survives factory reset and firmware updates. The backdoor requires high-privilege authentication (CVSS PR:H) but provides complete system control once accessed. No public exploit identified at time of analysis, though GitHub repository reference suggests technical disclosure exists. CVSS 7.2 reflects the high-privilege requirement, but persistence across resets and undocumented nature indicate significant supply chain or insider threat risk.

Information Disclosure Firmware
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lenovo Firmware +4
NVD GitHub
EPSS 21% CVSS 5.0
MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

Denial Of Service Firmware Cg6640E Wireless Gateway +1
NVD Exploit-DB
EPSS 16% 4.0 CVSS 10.0
CRITICAL POC THREAT Emergency

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.

Authentication Bypass Firmware Cg6640E Wireless Gateway +1
NVD Exploit-DB
EPSS 15% CVSS 5.0
MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Privilege Escalation Firmware Cg6640E Wireless Gateway +1
NVD Exploit-DB
EPSS 4% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Firmware Cg6640E Wireless Gateway +1
NVD Exploit-DB
EPSS 12% CVSS 4.3
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.

XSS Firmware Cg6640E Wireless Gateway +1
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF TP-Link +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy