Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12285

Summary
Assigner-azure-access
Assigner Org ID-a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At-26 Oct, 2025 | 16:24
Updated At-28 Oct, 2025 | 14:44
Rejected At-
Credits

Missing Initial Password Change

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:azure-access
Assigner Org ID:a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At:26 Oct, 2025 | 16:24
Updated At:28 Oct, 2025 | 14:44
Rejected At:
▼CVE Numbering Authority (CNA)
Missing Initial Password Change

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Affected Products
Vendor
Azure Access Technology
Product
BLU-IC2
Default Status
unaffected
Versions
Affected
  • From 0 through 1.19.5 (semver)
Vendor
Azure Access Technology
Product
BLU-IC4
Default Status
unaffected
Versions
Affected
  • From 0 through 1.19.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-50CAPEC-50 Password Recovery Exploitation
CAPEC ID: CAPEC-50
Description: CAPEC-50 Password Recovery Exploitation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Kevin Schaller
finder
Benjamin Lafois
finder
Alexi Bitsios
finder
Sebastian Toscano
finder
Dominik Schneider
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://azure-access.com/security-advisories
N/A
Hyperlink: https://azure-access.com/security-advisories
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At:26 Oct, 2025 | 17:15
Updated At:10 Nov, 2025 | 14:55

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
azure-access
azure-access
>>blu-ic2_firmware>>Versions before 1.20(exclusive)
cpe:2.3:o:azure-access:blu-ic2_firmware:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic2>>*
cpe:2.3:h:azure-access:blu-ic2:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic4_firmware>>Versions before 1.20(exclusive)
cpe:2.3:o:azure-access:blu-ic4_firmware:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic4>>*
cpe:2.3:h:azure-access:blu-ic4:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarya0340c66-c385-4f8b-991b-3d05f6fd5220
CWE-521Primarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: a0340c66-c385-4f8b-991b-3d05f6fd5220
CWE ID: CWE-521
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://azure-access.com/security-advisoriesa0340c66-c385-4f8b-991b-3d05f6fd5220
Vendor Advisory
Hyperlink: https://azure-access.com/security-advisories
Source: a0340c66-c385-4f8b-991b-3d05f6fd5220
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

620Records found
CVE-2025-12552
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-31 Oct, 2025 | 15:43
Updated-10 Nov, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Password Policy

Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-12275
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.24% / 47.30%
||
7 Day CHG+0.05%
Published-26 Oct, 2025 | 16:15
Updated-07 Nov, 2025 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mail Configuration File Manipulation + Command Execution

Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CVE-2025-12364
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-27 Oct, 2025 | 18:09
Updated-10 Nov, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Policy

Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-12001
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 21:53
Updated-07 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Content-Type Header

Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-12603
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-2.3||LOW
EPSS-0.07% / 20.63%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 18:56
Updated-07 Nov, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
/etc/timezone can be Arbitrarily Written

/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-12479
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.04% / 10.33%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 16:50
Updated-07 Nov, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation

Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-12516
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.04%
||
7 Day CHG+0.02%
Published-30 Oct, 2025 | 15:42
Updated-10 Nov, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of Graceful Error Handling - HTTP 5xx Error

Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-394
Unexpected Status Code or Return Value
CVE-2025-12220
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.04%
||
7 Day CHG+0.02%
Published-25 Oct, 2025 | 15:53
Updated-10 Nov, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Busybox 1.31.1 - Multiple Known Vulnerabilities

Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1395
Dependency on Vulnerable Third-Party Component
CVE-2025-11925
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 19:56
Updated-07 Nov, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Content-Type Header

Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-12423
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.14% / 34.49%
||
7 Day CHG+0.08%
Published-28 Oct, 2025 | 18:14
Updated-07 Nov, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service - Protocol Manipulation

Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-248
Uncaught Exception
CVE-2025-12600
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 18:48
Updated-10 Nov, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web UI Malfunction

Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CVE-2025-12602
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-2.3||LOW
EPSS-0.07% / 20.63%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 18:54
Updated-07 Nov, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
/etc/avahi/services/z9.service can be Arbitrarily Written

/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-12553
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.05% / 14.80%
||
7 Day CHG+0.01%
Published-31 Oct, 2025 | 15:48
Updated-10 Nov, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Certificate Verification Disabled

Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-599
Missing Validation of OpenSSL Certificate
CVE-2025-12554
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.28%
||
7 Day CHG+0.03%
Published-31 Oct, 2025 | 15:52
Updated-10 Nov, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Security Headers

Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-12601
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.43%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 18:49
Updated-10 Nov, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Due to SlowLoris

Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CVE-2025-12219
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.04%
||
7 Day CHG+0.02%
Published-25 Oct, 2025 | 15:51
Updated-10 Nov, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerable Components in Azure Access OS

Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1395
Dependency on Vulnerable Third-Party Component
CVE-2025-11832
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.04%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 19:10
Updated-07 Nov, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
APIs Lack Rate Limiting

Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC4BLU-IC2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-12363
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.47%
||
7 Day CHG+0.01%
Published-Not Available
Updated-10 Nov, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-access
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-12425
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.21%
||
7 Day CHG+0.01%
Published-28 Oct, 2025 | 18:21
Updated-07 Nov, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation

Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-12104
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.29% / 51.82%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 03:56
Updated-07 Nov, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Content-Type Header

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1104
Use of Unmaintained Third Party Components
CVE-2025-12216
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.05% / 15.90%
||
7 Day CHG+0.01%
Published-25 Oct, 2025 | 15:33
Updated-10 Nov, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious / Malformed App can be Installed but not Uninstalled

Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1301
Insufficient or Incomplete Data Removal within Hardware Component
CVE-2025-12478
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.04% / 10.65%
||
7 Day CHG+0.01%
Published-29 Oct, 2025 | 16:37
Updated-07 Nov, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Non-Compliant TLS Configuration

Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-12422
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.13% / 32.85%
||
7 Day CHG+0.02%
Published-28 Oct, 2025 | 18:09
Updated-07 Nov, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerable Upgrade Feature (Arbitrary File Write)

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-12477
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-29 Oct, 2025 | 16:33
Updated-07 Nov, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server Version Disclosure

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-12176
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.60%
||
7 Day CHG~0.00%
Published-24 Oct, 2025 | 15:56
Updated-10 Nov, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undocumented Administrative Accounts

Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1242
Inclusion of Undocumented Features or Chicken Bits
CVE-2025-12218
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.06% / 17.85%
||
7 Day CHG+0.01%
Published-25 Oct, 2025 | 15:47
Updated-10 Nov, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Default Credentials

Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-12599
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2025 | 18:39
Updated-10 Nov, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)

Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-12476
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-29 Oct, 2025 | 16:31
Updated-07 Nov, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Resource Lacking AuthN

Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-12424
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-28 Oct, 2025 | 18:18
Updated-07 Nov, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation through SUID-bit Binary

Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-12515
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.04%
||
7 Day CHG+0.02%
Published-30 Oct, 2025 | 15:38
Updated-10 Nov, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Systemic Internal Server Errors - HTTP 500 Response

Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-394
Unexpected Status Code or Return Value
CVE-2025-12284
Matching Score-6
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-6
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 29.58%
||
7 Day CHG+0.03%
Published-26 Oct, 2025 | 16:21
Updated-10 Nov, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of Input Validation

Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-12278
Matching Score-6
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-6
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 28.41%
||
7 Day CHG+0.02%
Published-26 Oct, 2025 | 16:14
Updated-10 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logout Functionality not Working

Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-11805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.05%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:31
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

Action-Not Available
Vendor-pexipn/a
Product-reverse_proxy_and_turn_serverpexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0171
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-93.12% / 99.79%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 22:00
Updated-14 Jan, 2026 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosCisco IOS and IOS XEIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44548
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-6.66% / 91.09%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 08:55
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Solr information disclosure vulnerability through DataImportHandler

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-windowssolrApache Solr
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-40
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-45687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 21:51
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.

Action-Not Available
Vendor-raw-cpuid_projectn/a
Product-raw-cpuidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9791
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.24% / 99.93%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 16:00
Updated-22 Oct, 2025 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

Action-Not Available
Vendor-The Apache Software Foundation
Product-strutsApache StrutsStruts 1
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0147
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.02% / 88.31%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 07:00
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemCisco Secure Access Control SystemSecure Access Control System (ACS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-1751
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.69% / 89.20%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 21:51
Updated-06 Aug, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

Action-Not Available
Vendor-twikin/a
Product-twikin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0125
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-40.17% / 97.28%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 07:00
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv134wrv132wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134WVPN Routers
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44530
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.67% / 71.08%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:15
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.

Action-Not Available
Vendor-n/aUbiquiti Inc.
Product-unifi_network_controllerUniFi Network application
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-9034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.58% / 90.18%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-22137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.07%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 16:08
Updated-08 Jan, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Overwrite via HTTP POST in Pingvin Share

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.

Action-Not Available
Vendor-stonith404
Product-pingvin-share
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2021-42853
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-9.1||CRITICAL
EPSS-0.63% / 70.10%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 16:51
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal Delete/Read at AgentDiagnosticServlet

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.

Action-Not Available
Vendor-riverbedAternity
Product-steelcentral_appinternals_dynamic_sampling_agentSteelCentral AppInternals Dynamic Sampling Agent
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 73.97%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 12:06
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Action-Not Available
Vendor-evenrouten/a
Product-iqrouter_firmwareiqroutern/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-50694
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.42% / 84.92%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.

Action-Not Available
Vendor-dom96n/a
Product-httpbeastn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34152
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-74.84% / 98.85%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraenterprise_linuximagemagickImageMagick
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.87% / 95.04%
||
7 Day CHG~0.00%
Published-14 Mar, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)

Action-Not Available
Vendor-tecrailn/a
Product-responsive_filemanagern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1459
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.57%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:06
Updated-08 Nov, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7481
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.92% / 83.16%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 13:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

Action-Not Available
Vendor-[UNKNOWN]Canonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-ubuntu_linuxvirtualizationdebian_linuxvirtualization_manageropenshift_container_platformopenstackenterprise_linuxgluster_storageansible_enginestorage_consoleansible
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found