Overview

CVE-2020-36874 details a critical vulnerability affecting ACE SECURITY WIP-90113 HD cameras. This vulnerability allows an unauthenticated remote attacker to download the device’s configuration backup file. This backup can contain sensitive information, including administrative credentials, which can lead to complete compromise of the camera and potentially the network it is connected to.

Technical Details

The vulnerability exists in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint, intended for creating configuration backups, lacks any authentication or authorization checks. An attacker can simply request this URL to download a compressed archive of the camera’s configuration. This archive typically includes: Administrative usernames and passwords (often stored in…
-
Overview

CVE-2020-36873 describes a critical vulnerability affecting Astak CM-818T3 2.4GHz wireless security surveillance cameras. This flaw allows unauthenticated remote attackers to download a compressed configuration backup file directly from the camera via the /web/cgi-bin/hi3510/backup.cgi endpoint. This backup contains sensitive information, including administrative credentials, which can lead to full compromise of the device and potentially impact the connected network.

Technical Details

The vulnerability lies in the lack of authentication or authorization checks before serving the configuration backup file. By simply accessing the /web/cgi-bin/hi3510/backup.cgi endpoint, a remote attacker can download a .tar.gz archive. This archive contains configuration files which commonly store passwords (often…
-
Overview

CVE-2020-36872 describes a remote denial-of-service (DoS) vulnerability affecting BACnet Test Server versions up to and including 1.01. This vulnerability resides in the application’s handling of BACnet/IP BVLC packets. By sending a specially crafted UDP BVLC frame with a malformed BVLC Length field, an unauthenticated attacker can trigger an access violation, causing the server application to crash and resulting in a DoS condition. This can disrupt or completely halt BACnet testing procedures.

Technical Details

The BACnet Test Server software listens for incoming UDP BVLC frames on the default BACnet port (47808/udp). The core of the vulnerability lies in the insufficient…
-
Overview

CVE-2020-36871 is a security vulnerability affecting ESCAM QD-900 WIFI HD cameras. This vulnerability allows an unauthenticated attacker to remotely download a compressed configuration backup file from the camera via the /web/cgi-bin/hi3510/backup.cgi endpoint. This backup file can contain sensitive information, including administrative credentials, which could lead to unauthorized access and further compromise of the camera and potentially the connected network.

Technical Details

The vulnerability resides in the lack of authentication and authorization checks on the /web/cgi-bin/hi3510/backup.cgi endpoint. A remote attacker can simply request this URL to trigger the generation and download of the configuration backup file. The configuration file is…
-
Overview

CVE-2019-25227 describes a critical vulnerability affecting Tellion HN-2204AP routers. This security flaw allows an unauthenticated attacker to remotely retrieve a compressed configuration archive from the device. The exposed configuration files may contain sensitive information, including administrative credentials, wireless keys (passwords), and other crucial network settings. This unauthorized access significantly increases the risk of device and network compromise.

Technical Details

The vulnerability resides in the /cgi-bin/system_config_file management endpoint of the Tellion HN-2204AP router’s web interface. The core issue is the lack of proper authentication or authorization checks before allowing access to this endpoint. By simply sending a request to this…
-
Overview

CVE-2019-25226 describes an unauthenticated configuration disclosure vulnerability affecting Dongyoung Media DM-AP240T/W wireless access points. This vulnerability allows a remote attacker to retrieve a compressed configuration archive from the /cgi-bin/sys_system_config management endpoint without needing any authentication. The configuration archive can contain sensitive information, including administrative credentials, network settings, and other security-related parameters. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the device and potentially the entire network.

Technical Details

The vulnerability resides in the web management interface of the Dongyoung Media DM-AP240T/W access points. Specifically, the /cgi-bin/sys_system_config endpoint is accessible without requiring any authentication or authorization.…
-
Overview

CVE-2025-65202 details a critical authenticated remote OS command injection vulnerability found in TRENDnet TEW-657BRM routers running firmware version 1.00.1. This vulnerability resides within the setup.cgi binary. A malicious actor, after successfully authenticating, can leverage specific HTTP parameters to inject and execute arbitrary operating system commands with root privileges. This poses a significant security risk, potentially allowing attackers to completely compromise the affected router and the network it serves.

Technical Details

The vulnerability stems from improper input sanitization within the setup.cgi script. The script utilizes user-supplied data from the HTTP requests without adequate validation, making it susceptible to command injection.…
-
Overview

CVE-2025-7449 is a medium severity Denial of Service (DoS) vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability impacts versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1. An authenticated user with specific permissions can exploit this vulnerability to cause a DoS condition through malicious HTTP response processing. It is crucial to upgrade your GitLab instance to a patched version to mitigate this risk.

Technical Details

The vulnerability stems from how GitLab handles HTTP responses. An authenticated user, possessing the necessary privileges (the specifics of which are not fully detailed in the public…
-
Overview

CVE-2025-6195 is a medium severity information disclosure vulnerability affecting GitLab Enterprise Edition (EE). Discovered and patched in late 2025, this vulnerability could allow an authenticated user to view sensitive information contained within security reports, under specific and limited configuration conditions. This issue impacts GitLab EE versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1.

Technical Details

The vulnerability stems from improper access control checks within the security report functionality of GitLab EE. While the exact details are kept intentionally vague by GitLab to prevent exploitation of unpatched instances, it’s understood that a combination of factors,…
-
Overview

This blog post details a significant security vulnerability, identified as CVE-2025-65670, affecting Classroomio version 0.1.13. This vulnerability is an Insecure Direct Object Reference (IDOR) that allows unauthorized access to sensitive administrative and student data.

Technical Details

CVE-2025-65670 is an IDOR (Insecure Direct Object Reference) vulnerability. In Classroomio 0.1.13, students can manipulate course IDs within URLs to access admin/teacher-restricted endpoints. This allows them to view sensitive information related to courses, administrators, and other students. The exploit leverages the application’s failure to properly validate user authorization when accessing resources via direct object references. It is reported that the leak occurs briefly…