8.7
CVE-2025-11653 - UTT HiPER 2620G fNTP strcpy buffer overflow
A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.β¦
8.7
CVE-2025-11652 - UTT θΏε 518G formTaskEdit_ap buffer overflow
A vulnerability was found in UTT θΏε 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit has been made public and cβ¦
5.5
CVE-2025-39965 - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_statβ¦
3.3
CVE-2025-39964 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistβ¦
8.7
CVE-2025-11651 - UTT θΏε 518G formRemoteControl sub_4247AC buffer overflow
A vulnerability has been found in UTT θΏε 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit hasβ¦
1
CVE-2025-11650 - Tomofun Furbo 360/Furbo Mini Password shadow weak hash
A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file /etc/shadow of the component Password Handler. Executing manipulation can lead to use of weak hash. The physical device can be targeted for the attack. The attack requires a hβ¦
7.3
CVE-2025-11649 - Tomofun Furbo 360/Furbo Mini Root Account hard-coded password
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have high β¦
6.3
CVE-2025-11648 - Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are highlβ¦
2.3
CVE-2025-11647 - Tomofun Furbo 360/Furbo Mini GATT Service information disclosure
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is needβ¦
5.3
CVE-2025-11646 - Tomofun Furbo 360/Furbo Mini GATT Service access control
A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exploit is now public and may be used. The firmβ¦