Pedro Umbelino

3 exploits Active since Sep 2025
CVE-2025-54807 WRITEUP CRITICAL WRITEUP
Device Firmware <unknown - Auth Bypass
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
CVSS 9.8
CVE-2025-55067 WRITEUP HIGH WRITEUP
Veeder-Root TLS4B Automatic Tank Gauge System < 11.A - Denial of Service via Unix Time Overflow
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history visibility, and leak detection termination. This vulnerability could allow an attacker to manipulate the system time to trigger a denial of service (DoS) condition, leading to administrative lockout, operational timer failures, and corrupted log entries.
CVSS 7.1
CVE-2025-58428 WRITEUP CRITICAL WRITEUP
Veeder-Root TLS4B ATG SOAP Interface - Authenticated Remote Command Execution
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.
CVSS 9.9