Nixpkgs security tracker

Login with GitHub

Suggestions search

With package: nitrokey-trng-rs232-firmware

Found 2 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
updated 2 days, 10 hours ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor

Affected products

firmware
  • ==US_AC10V1.0re_V15.03.06.46_multi_TDE01
  • ==US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
  • ==US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
  • ==US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
  • ==US_AC6V2.0RTL_V15.03.06.51_multi_T

Matching in nixpkgs

pkgs.zd1211fw

Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

  • nixos-unstable 1.5
    • nixpkgs-unstable 1.5
    • nixos-unstable-small 1.5
  • nixos-26.05 1.5
    • nixos-26.05-small 1.5
    • nixpkgs-26.05-darwin 1.5

pkgs.gnome-firmware

Tool for installing firmware on devices

  • nixos-unstable 49.0
    • nixpkgs-unstable 49.0
    • nixos-unstable-small 49.0
  • nixos-26.05 49.0
    • nixos-26.05-small 49.0
    • nixpkgs-26.05-darwin 49.0

pkgs.ipw2200-firmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-26.05 3.1
    • nixos-26.05-small 3.1
    • nixpkgs-26.05-darwin 3.1

pkgs.rtl8761b-firmware

Firmware for Realtek RTL8761b

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-26.05 -
    • nixos-26.05-small
    • nixpkgs-26.05-darwin

pkgs.intel2200BGFirmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-26.05 3.1
    • nixos-26.05-small 3.1
    • nixpkgs-26.05-darwin 3.1

pkgs.uefi-firmware-parser

Tool for parsing, extracting, and recreating UEFI firmware volumes

  • nixos-unstable 1.16
    • nixpkgs-unstable 1.16
    • nixos-unstable-small 1.16
  • nixos-26.05 1.16
    • nixos-26.05-small 1.16
    • nixpkgs-26.05-darwin 1.16

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-26.05 13
    • nixos-26.05-small 13
    • nixpkgs-26.05-darwin 13

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-7414
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 months ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Hardcoded credentials in Yarbo robot firmware

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

Affected products

Firmware
  • =<2.3.9

Matching in nixpkgs

pkgs.zd1211fw

Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

  • nixos-unstable 1.5
    • nixpkgs-unstable 1.5
    • nixos-unstable-small 1.5

pkgs.uefi-firmware-parser

Tool for parsing, extracting, and recreating UEFI firmware volumes

  • nixos-unstable 1.13
    • nixpkgs-unstable 1.13
    • nixos-unstable-small 1.13

Package maintainers