2025-07-12 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2013-3307 | Linksys - E1000, Linksys - E1200, Linksys - E3200 | Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000. | CVSS3.1: 8.3 - HIGH | 0 | Exploitation: poc; Automatable: yes; Technical Impact: partial | undefined | github |
CVE-2024-47065 | meshtastic - firmware | Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1. | CVSS4.0: 2.7 - LOW | 0 | Exploitation: poc; Automatable: yes; Technical Impact: partial | Traceroute_APP responses are not rate-limited. | github |
CVE-2025-50121 | Schneider Electric - EcoStruxure IT Data Center Expert | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default. | CVSS4.0: 9.5 - CRITICAL; CVSS3.1: 10 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | undefined | github |
CVE-2025-1351 | IBM - Storage Virtualize | IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function. | CVSS3.1: 6.7 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: total | IBM Storage Virtualize privilege escalation | github |
This post is licensed under CC BY 4.0 by the author.