Firmware
Monthly
Authentication bypass in Tenda router firmware (AC10, AC5, AC6, FH1201, W15E) lets any user log in as administrator via a hidden vendor backdoor: after normal MD5-based login fails, the /bin/httpd login() routine at 0x4c88b8 falls back to a plaintext strcmp() against the 'sys.rzadmin.password' config value, granting role=2 (admin) with any username. Reported through CERT/CC (VU#213560), it is not in CISA KEV and has no public exploit identified at time of analysis, with a low EPSS score of 0.24% (15th percentile). The flaw is a classic CWE-912 hidden-functionality backdoor mapped to CVSS 9.8.
Anonymous MQTT access in Yarbo firmware v2.3.9 allows remote unauthenticated attackers on the local network to fully control the robotic lawn mower and exfiltrate sensitive telemetry data. The embedded MQTT broker accepts connections without credentials and enforces no topic-level access controls, enabling arbitrary publish/subscribe operations. No authentication, authorization, or message validation occurs. EPSS and KEV data not available; exploitation requires only network access to the robot's MQTT port (typically TCP 1883).
Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device administrative access across all deployed units. The CVSS 9.8 critical score reflects the complete lack of authentication barriers (AV:N/AC:L/PR:N), with identical credentials embedded in every device that cannot be changed by end users. No active exploitation has been confirmed by CISA KEV, but a public GitHub repository reference suggests potential proof-of-concept availability. EPSS data unavailable, though the trivial exploitation path (no complexity, no privileges required) indicates high weaponization potential once credentials become widely known.
Undocumented persistent backdoor in Yarbo firmware v2.3.9 grants remote privileged access that survives factory reset and firmware updates. The backdoor requires high-privilege authentication (CVSS PR:H) but provides complete system control once accessed. No public exploit identified at time of analysis, though GitHub repository reference suggests technical disclosure exists. CVSS 7.2 reflects the high-privilege requirement, but persistence across resets and undocumented nature indicate significant supply chain or insider threat risk.
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Authentication bypass in Tenda router firmware (AC10, AC5, AC6, FH1201, W15E) lets any user log in as administrator via a hidden vendor backdoor: after normal MD5-based login fails, the /bin/httpd login() routine at 0x4c88b8 falls back to a plaintext strcmp() against the 'sys.rzadmin.password' config value, granting role=2 (admin) with any username. Reported through CERT/CC (VU#213560), it is not in CISA KEV and has no public exploit identified at time of analysis, with a low EPSS score of 0.24% (15th percentile). The flaw is a classic CWE-912 hidden-functionality backdoor mapped to CVSS 9.8.
Anonymous MQTT access in Yarbo firmware v2.3.9 allows remote unauthenticated attackers on the local network to fully control the robotic lawn mower and exfiltrate sensitive telemetry data. The embedded MQTT broker accepts connections without credentials and enforces no topic-level access controls, enabling arbitrary publish/subscribe operations. No authentication, authorization, or message validation occurs. EPSS and KEV data not available; exploitation requires only network access to the robot's MQTT port (typically TCP 1883).
Hardcoded administrative credentials in Yarbo firmware v2.3.9 allow remote unauthenticated attackers to gain full device administrative access across all deployed units. The CVSS 9.8 critical score reflects the complete lack of authentication barriers (AV:N/AC:L/PR:N), with identical credentials embedded in every device that cannot be changed by end users. No active exploitation has been confirmed by CISA KEV, but a public GitHub repository reference suggests potential proof-of-concept availability. EPSS data unavailable, though the trivial exploitation path (no complexity, no privileges required) indicates high weaponization potential once credentials become widely known.
Undocumented persistent backdoor in Yarbo firmware v2.3.9 grants remote privileged access that survives factory reset and firmware updates. The backdoor requires high-privilege authentication (CVSS PR:H) but provides complete system control once accessed. No public exploit identified at time of analysis, though GitHub repository reference suggests technical disclosure exists. CVSS 7.2 reflects the high-privilege requirement, but persistence across resets and undocumented nature indicate significant supply chain or insider threat risk.
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.