CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45038 – Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware
https://notcve.org/view.php?id=CVE-2024-45038
Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of serivce vulnerability in MQTT handling, fixed in version 2.4.1 of the Meshtastic firmware and on the Meshtastic public MQTT Broker. It's strongly suggested that all users of Meshtastic, particularly those that connect to a privately hosted MQTT server, update to this or a more recent stable version right away. There are no known workarounds for this vulnerability. • https://github.com/meshtastic/firmware/security/advisories/GHSA-3x3r-vw9f-pxq5 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1431
https://notcve.org/view.php?id=CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. RaidSonic NAS-4220-B con versión de firmware 2.6.0-n(2007-10-11) almacena una clave de cifrado de partición en un fichero no cifrado /system/.crypt con una codificación base64, lo que permite a usuarios locales obtener dicha clave. • http://secunia.com/advisories/29401 http://securityreason.com/securityalert/3760 http://www.securityfocus.com/archive/1/489690/100/0/threaded http://www.securityfocus.com/bid/28264 • CWE-310: Cryptographic Issues •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1320
https://notcve.org/view.php?id=CVE-2003-1320
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. • http://www.kb.cert.org/vuls/id/287771 http://www.kb.cert.org/vuls/id/AAMN-5L74VD • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0888
https://notcve.org/view.php?id=CVE-2001-0888
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. El Wireless Acces Point (WAP) Atmel Firmware 1.3 permite a atacantes remotos causar una denegación de servicio mediante una petición SNMP con una cadena de comunidad distinta de "public", oun OID (identificador de objeto) desconocido lo que hace que el WAP deniege peticiones SNMP subsiguientes. • http://marc.info/?l=bugtraq&m=100895903202798&w=2 http://www.securityfocus.com/bid/3734 https://exchange.xforce.ibmcloud.com/vulnerabilities/7734 •