ZDI-25-758: (Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-757: (Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-756: (Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not... 02/08/2025 Zero-Day Initiative
ZDI-25-755: (Pwn2Own) QNAP QHora-322 qsyslog-cli username Format String Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required... 02/08/2025 Zero-Day Initiative
ZDI-25-754: (Pwn2Own) QNAP TS-464 privWizard.cgi Authentication CRLF Injection Privilege Escalation Vulnerability This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of QNAP TS-464 devices. Although authentication is required to... 02/08/2025 Zero-Day Initiative
ZDI-25-753: (Pwn2Own) QNAP TS-464 Improper Handling of URL Encoding Authentication Bypass Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to... 02/08/2025 Zero-Day Initiative
ZDI-25-733: (0Day) Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell... 01/08/2025 Zero-Day Initiative
ZDI-25-732: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-731: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
ZDI-25-730: (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication... 31/07/2025 Zero-Day Initiative
