CVE-2023-2003

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-506
View all →

Vulnerability Description

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

Related Vulnerabilities

CVE-2017-16128

CRITICAL
CVSS:9.8(Critical)

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

CWE-5062017

CVE-2024-3094

CRITICAL
CVSS:10.0(Critical)

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a di...

CWE-5062024

CVE-2020-15165

CRITICAL
CVSS:9.1(Critical)

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending a...

CWE-5062020

CVE-2025-30066

HIGH
CVSS:8.6(High)

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modifi...

CWE-5062025

CVE-2025-30154

HIGH
CVSS:8.6(High)

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed s...

CWE-5062025

CVE-2024-4978

HIGH
CVSS:8.4(High)

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vuln...

CWE-5062024