Firmware
This hub aggregates every CVE we track for Firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
27
CVEs tracked
7
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM14CRITICAL7HIGH5LOW1
Monthly trend
1
1
1
1
0
0
1
0
1
0
1
3
1
0
0
0
1
1
0
0
0
3
0
1
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Firmware.
- CVE-2026-11405Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface9.8
- CVE-2026-7415Open MQTT orchestration without read/write ACLs in Yarbo robot firmware9.8
- CVE-2026-7414Hardcoded credentials in Yarbo robot firmware9.8
- CVE-2026-7413Persistent undocumented backdoor access in Yarbo robot7.2
- CVE-2025-55292In Meshtastic, an attacker can spoof licensed amateur flag for a node8.2
- CVE-2025-53627Meshtastic firmware allows forged DMs with no PKC to show up as encrypted5.3
- CVE-2025-55293Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB9.4
- CVE-2024-47065Traceroute_APP responses are not rate-limited.6.5
- CVE-2025-53637Meshtastic allows Command Injection in GitHub Action4.1
- CVE-2025-24798Meshtastic crashes via an unimplemented routing module reply4.3
- CVE-2025-52464Meshtastic Repeated Public and Private Keypairs8.3
- CVE-2025-24797Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow9.4
- CVE-2025-21608Forged packets over MQTT can show up in direct messages in Meshtastic firmware5.3
- CVE-2024-51500Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware5.3
- CVE-2024-47079Unauthorized usage of remote hardware module because of missing channel verification6.4
Product normalization is registry-driven with AI assist and human review. How it works