https://github.com/5ulfur/security-advisories/tree/main/CVE-2025-63423
The /login.htm and /pass.htm pages in the Web management interface contain the administrator credentials.
The session cookie contains a base64-encoded "username:password" and is stored/transmitted without any protection.
All the traffic is HTTP, so an attacker can easily intercept it.

Oh no, @da_667 what will you do? Oh, right, the other 193 constantly vulnerable #internetOfShit vendors.

Imagine that, in a moment of madness, you spend $3,500 (about €3.000 at the current exchange rate) on a smart refrigerator. Now imagine that every time you approach it, you see advertisements, but they are not personalized because "trust me bro", says Samsung. Well, you don't need to imagine.

WAVLINK
https://www.cve.org/CVERecord?id=CVE-2025-61128
IPFire
https://www.cve.org/CVERecord?id=CVE-2025-34301
https://www.cve.org/CVERecord?id=CVE-2025-34302
https://www.cve.org/CVERecord?id=CVE-2025-34303
https://www.cve.org/CVERecord?id=CVE-2025-34304
https://www.cve.org/CVERecord?id=CVE-2025-34305
https://www.cve.org/CVERecord?id=CVE-2025-34306
https://www.cve.org/CVERecord?id=CVE-2025-34307
https://www.cve.org/CVERecord?id=CVE-2025-34308
https://www.cve.org/CVERecord?id=CVE-2025-34309
https://www.cve.org/CVERecord?id=CVE-2025-34310
https://www.cve.org/CVERecord?id=CVE-2025-34311
https://www.cve.org/CVERecord?id=CVE-2025-34312
https://www.cve.org/CVERecord?id=CVE-2025-34313
https://www.cve.org/CVERecord?id=CVE-2025-34314
https://www.cve.org/CVERecord?id=CVE-2025-34315
https://www.cve.org/CVERecord?id=CVE-2025-34316
https://www.cve.org/CVERecord?id=CVE-2025-34317
Punch line spoilers
Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House
https://futurism.com/robots-and-machines/robot-vacuum-broadcasting
> One man's robot vacuum was constantly communicating with its manufacturer, sending a detailed 3D map of his house halfway across the world.

Tenda
https://www.cve.org/CVERecord?id=CVE-2025-12232
https://www.cve.org/CVERecord?id=CVE-2025-12233
https://www.cve.org/CVERecord?id=CVE-2025-12234
https://www.cve.org/CVERecord?id=CVE-2025-12235
https://www.cve.org/CVERecord?id=CVE-2025-12236
https://www.cve.org/CVERecord?id=CVE-2025-12265
https://www.cve.org/CVERecord?id=CVE-2025-12271
https://www.cve.org/CVERecord?id=CVE-2025-12272
https://www.cve.org/CVERecord?id=CVE-2025-12273
https://www.cve.org/CVERecord?id=CVE-2025-12274
TOTOLINK
https://www.cve.org/CVERecord?id=CVE-2025-12239
https://www.cve.org/CVERecord?id=CVE-2025-12240
https://www.cve.org/CVERecord?id=CVE-2025-12241
https://www.cve.org/CVERecord?id=CVE-2025-12258
https://www.cve.org/CVERecord?id=CVE-2025-12259
https://www.cve.org/CVERecord?id=CVE-2025-12260
SICK
https://www.cve.org/CVERecord?id=CVE-2025-10561
https://www.cve.org/CVERecord?id=CVE-2025-59459
https://www.cve.org/CVERecord?id=CVE-2025-59460
https://www.cve.org/CVERecord?id=CVE-2025-59461
https://www.cve.org/CVERecord?id=CVE-2025-59462
https://www.cve.org/CVERecord?id=CVE-2025-59463
ZTE
https://www.cve.org/CVERecord?id=CVE-2025-46582