My personnal CVEs Pokedex and my Preferred Way to Spend Time
LIST OF Reported CVE
CVE-2025-29660
Arbitraty remote code execution
CVE-2025-29660
CVSS 9.8
Yi IOT
A critical vulnerability has been identified in the Yi IOT XY-3820 (v6.0.24.10) smart camera platform, specifically within its embedded daemon process. The service, exposed on TCP port 6789, fails to properly sanitize user-supplied input, enabling remote unauthenticated attackers to execute arbitrary commands present on the file system via path traversal techniques. Successful exploitation leads to unauthorized code execution with elevated privileges.
19 avril 2025
CVE-2025-29659
Remote Command Execution (RCE) via a Hidden Backdoor
CVE-2025-29659
CVSS 9.8
Yi IOT
A critical Remote Command Execution (RCE) vulnerability has been discovered in the Yi IOT XY-3820 smart camera (firmware v6.0.24.10), affecting the cmd binary. While this binary is not invoked during normal camera operation, it can be manually triggered (either locally or via another vulnerability) to spawn a root-level command server on TCP port 999.
Once active, the binary listens indefinitely and processes commands sent over the network, resulting in unauthenticated, root-level code execution.f
19 avril 2025
CVE-2025-25680
Arbitrary Code Execution via a specially crafted QR code
CVE-2025-25680
CVSS 7.7
LSC
This repository demonstrates a critical security vulnerability discovered in the LSC PTZ Dualband Camera. The flaw, located in the tuya_ipc_direct_connect function of the anyka_ipc process, allows remote arbitrary code execution when a specially crafted QR code is presented to the camera during Wi-Fi configuration.
1 janvier 1970
CVE-2025-65287
Unauthenticated directory traversal vulnerability
CVE-2025-65287
CVSS 9
SNMP
SNMP Web Pro 1.1 contains an unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi. In the download branch, user-supplied input (params) is concatenated directly to a base directory (/var/www/files/userScript/) using memcpy and strcat without proper validation or canonicalization. This allows an attacker to include ../ sequences to escape the intended directory.
2 décembre 2025
CVE-2025-65289
Remote Unauthenticated Cross site scripting (XSS) vulnerability
CVE-2025-65289
CVSS 9
Mercury
A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the context of an administrator's browser (for example after DHCP release/renew triggers the interface to display the stored hostname). Because the management interface uses weak/basic authentication and does not properly protect or isolate session material, the XSS can be used to exfiltrate the admin session and perform administrative actions.
2 décembre 2025
CVE-2025-65288
Buffer Overflow leading to DoS and potential Code Execution
CVE-2025-65288
CVSS 9
Mercury
A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copies/concatenations into fixed-size buffers. A crafted long hostname can overflow the buffer, causing a crash (DoS) and potentially enabling remote code execution.
