4.8

CVSS4.0

CVE-2025-64696

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

📅 Published: Dec. 9, 2025, 8:16 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-41693 - Authenticated Denial-of-Service via SSH

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.

📅 Published: Dec. 9, 2025, 8:13 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:11 p.m.

4.6

CVSS3.1

CVE-2025-41696 - Hardcoded User Password

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

📅 Published: Dec. 9, 2025, 8:13 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:12 p.m.

6.5

CVSS3.1

CVE-2025-41694 - Authenticated Denial-of-Service via Webshell

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver.

📅 Published: Dec. 9, 2025, 8:12 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:12 p.m.

6.8

CVSS3.1

CVE-2025-41692 - Weak/Predictable root Password

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

📅 Published: Dec. 9, 2025, 8:12 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:11 p.m.

6.8

CVSS3.1

CVE-2025-41697 - Shell access to UART Console

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

📅 Published: Dec. 9, 2025, 8:12 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:12 p.m.

7.1

CVSS3.1

CVE-2025-41695 - Reflected XSS vulnerability in dyn_conn.php

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level re…

📅 Published: Dec. 9, 2025, 8:10 a.m. 🔄 Last Modified: Dec. 19, 2025, 6:12 p.m.

7.1

CVSS3.1

CVE-2025-41745 - Reflected XSS vulnerability in pxc_portCntr2.php

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev…

📅 Published: Dec. 9, 2025, 8:10 a.m. 🔄 Last Modified: Dec. 19, 2025, 4:09 p.m.

7.1

CVSS3.1

CVE-2025-41746 - Reflected XSS vulnerability in pxc_portSecCfg.php

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-le…

📅 Published: Dec. 9, 2025, 8:09 a.m. 🔄 Last Modified: Dec. 19, 2025, 4:46 p.m.

7.1

CVSS3.1

CVE-2025-41747 - Reflected XSS vulnerability in pxc_vlanIntfCfg.php

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-l…

📅 Published: Dec. 9, 2025, 8:09 a.m. 🔄 Last Modified: Dec. 19, 2025, 4:46 p.m.