Skip to main content

Nerveshub

2 CVEs product

Monthly

CVE-2026-28806 CRITICAL Act Now

Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.

Authentication Bypass Nerveshub
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-64097 CRITICAL PATCH Act Now

NervesHub OTA firmware management has a weak random number generation vulnerability that allows attackers to predict firmware update tokens and push malicious updates.

Authentication Bypass Nerveshub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
EPSS 0% CVSS 9.4
CRITICAL Act Now

Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API.

Authentication Bypass Nerveshub
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

NervesHub OTA firmware management has a weak random number generation vulnerability that allows attackers to predict firmware update tokens and push malicious updates.

Authentication Bypass Nerveshub
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy