Yashodhanvivek

12 exploits Active since Sep 2023
CVE-2025-56019 NOMISEC MEDIUM WRITEUP
Agasta Easytouch+ 9.3.97 - Privilege Escalation
An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
CVSS 6.5
CVE-2025-63729 NOMISEC CRITICAL STUB
Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 - Info Disclosure
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.
CVSS 9.0
CVE-2025-44039 NOMISEC MEDIUM WRITEUP
CP-XR-DE21-S Firmware 1.031.022 - Unauthenticated Sensitive Information Exposure via UART Console
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.
CVSS 5.1
CVE-2024-30656 NOMISEC HIGH SUSPICIOUS
Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 - Denial of Service via Crafted Deauth Frame
An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.
CVSS 7.5
CVE-2025-44039 WRITEUP MEDIUM WRITEUP
CP-XR-DE21-S Firmware 1.031.022 - Unauthenticated Sensitive Information Exposure via UART Console
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.
CVSS 5.1
CVE-2025-56019 WRITEUP MEDIUM WRITEUP
Agasta Easytouch+ 9.3.97 - Privilege Escalation
An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
CVSS 6.5
CVE-2025-63729 WRITEUP CRITICAL WRITEUP
Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 - Info Disclosure
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.
CVSS 9.0
CVE-2023-36160 WRITEUP MEDIUM WRITEUP
Qubo Smart Plug10A <HSP02_01_01_14_SYSTEM-10 - Info Disclosure
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.
CVSS 5.5
CVE-2023-36161 WRITEUP HIGH WRITEUP
Qubo Smart Plug <HSP02_01_01_14_SYSTEM-10A - DoS
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.
CVSS 7.5
CVE-2024-54846 WRITEUP MEDIUM WRITEUP
CP Plus CP-VNR-3104 B3223P22C02424 - Improper Certificate Validation
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.
CVSS 5.9
CVE-2024-54847 WRITEUP MEDIUM WRITEUP
CP Plus CP-VNR-3104 B3223P22C02424 - Improper Certificate Validation
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.
CVSS 5.9
CVE-2024-54848 WRITEUP HIGH WRITEUP
CP Plus CP-VNR-3104 B3223P22C02424 - Improper Certificate Validation
Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.
CVSS 7.4