firmware — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in firmware, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the firmware product category, focusing on Common Weakness Enumeration identifiers and associated security tags. It systematically collects reported security flaws affecting firmware implementations across various hardware vendors and device types. The database covers vulnerability reports ranging from the inception of modern embedded systems tracking up to the most recent disclosures, ensuring a comprehensive historical context for researchers and security analysts. Here, users can track a vendor’s advisories to monitor patch release cadences and response times. You can also understand a weakness class by examining how specific CWE categories manifest within firmware codebases, such as buffer overflows in bootloader routines or insecure update mechanisms. Furthermore, the interface allows you to look up a product's vulnerability history, enabling deep dives into specific firmware versions and their exposure windows. This structured approach helps stakeholders assess risk profiles and prioritize remediation efforts based on actual data rather than theoretical possibilities. By centralizing these records, the page serves as a critical reference point for developers auditing their own products and for security professionals evaluating the broader threat landscape. The information presented is derived from verified sources and official vendor disclosures to maintain high accuracy and reliability for all users accessing this technical data.

Vendor: meshtastic

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-7415 | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | CWE-306 | 9.8 | Critical | 2026-05-07 |
| CVE-2026-7414 | Hardcoded credentials in Yarbo robot firmware | CWE-798 | 9.8 | Critical | 2026-05-07 |
| CVE-2026-7413 | Persistent undocumented backdoor access in Yarbo robot | CWE-912 | 7.2 | High | 2026-05-07 |
| CVE-2025-55292 | In Meshtastic, an attacker can spoof licensed amateur flag for a node | CWE-348 | 8.2 | High | 2026-01-27 |
| CVE-2025-53627 | Meshtastic firmware allows forged DMs with no PKC to show up as encrypted | CWE-1287 | 5.3 | Medium | 2025-12-29 |
| CVE-2025-55293 | Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB | CWE-287 | 9.4 | Critical | 2025-08-18 |
| CVE-2024-47065 | Traceroute_APP responses are not rate-limited. | CWE-799 | 5.3 (AI) | Medium (AI) | 2025-07-11 |
| CVE-2025-53637 | Meshtastic allows Command Injection in GitHub Action | CWE-78 | 4.1 | Medium | 2025-07-10 |
| CVE-2025-24798 | Meshtastic crashes via an unimplemented routing module reply | CWE-617 | 4.3 | Medium | 2025-07-10 |
| CVE-2025-52464 | Meshtastic Repeated Public and Private Keypairs | CWE-331 | 6.5 (AI) | Medium (AI) | 2025-06-19 |
| CVE-2025-24797 | Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow | CWE-119 | 9.4 | Critical | 2025-04-14 |
| CVE-2025-21608 | Forged packets over MQTT can show up in direct messages in Meshtastic firmware | CWE-668 | 5.3 | - | 2025-02-18 |
| CVE-2024-51500 | Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware | CWE-138 | 5.3 | Medium | 2024-11-04 |
| CVE-2024-47079 | Unauthorized usage of remote hardware module because of missing channel verification | CWE-345 | 6.4 | Medium | 2024-10-07 |
| CVE-2024-47078 | Meshtastic firmware Authentication/Authorization Bypass via MQTT | CWE-287 | 8.1 | High | 2024-09-25 |
| CVE-2024-45038 | Device crash via malformed MQTT packet when downlink is enabled in Meshtastic device firmware | CWE-755 | 7.5 | High | 2024-08-27 |

All 16 known CVE vulnerabilities affecting firmware with full Chinese analysis, references, and POCs where available.