Remenis

6 exploits Active since Sep 2025
CVE-2025-63666 NOMISEC CRITICAL WRITEUP
Tenda AC15 v15.03.05.18_multi - Info Disclosure
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.
1 stars
CVSS 9.8
CVE-2025-67158 NOMISEC HIGH WRITEUP
Revotech I6032W-FHW v1.0.0014 - 20210517 - Authentication Bypass via /cgi-bin/jvsweb.cgi
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVSS 7.5
CVE-2025-67159 NOMISEC HIGH WRITEUP
Vatilon PA4 Firmware v1.12.37-20240124 - Cleartext Transmission of Sensitive Information
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVSS 7.5
CVE-2025-67160 NOMISEC HIGH WRITEUP
Vatilon PA4 Firmware 1.12.37-20240124 - Path Traversal
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
CVSS 7.5
CVE-2025-56764 NOMISEC MEDIUM WRITEUP
Trivision NC-227WF <5.80 - Info Disclosure
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
CVSS 5.3
CVE-2025-63667 NOMISEC HIGH WRITEUP
SIMICAM KEVIEW ASECAM IP Camera Firmware - Unauthenticated Sensitive API Endpoint Access
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication.
CVSS 7.5