Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

With package: armTrustedFirmwareAllwinnerH616

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-58378
8.6 HIGH
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Attack Requirement (AT): None (N)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Active (A)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): High (H)
  • Vulnerable System Impact Availability (VA): High (H)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Attack Requirement (MAT): None (N)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Active (A)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): High (H)
  • Modified Vulnerable System Impact Availability (MVA): High (H)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Automatable (AU): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Value Density (V): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
  • Exploit Maturity (E): Not Defined (X)
created 6 days, 10 hours ago Activity log
  • Created suggestion
Allwinner TV Box TV98 ADB exposed on network

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.

References

  • url vdb-entry
  • url third-party-advisory

Affected products

H616
  • *

Matching in nixpkgs

Package maintainers

Untriaged
created 1 week, 2 days ago Activity log
  • Created suggestion
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor

Affected products

firmware
  • ==US_AC10V1.0re_V15.03.06.46_multi_TDE01
  • ==US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
  • ==US_AC6V2.0RTL_V15.03.06.51_multi_T
  • ==US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
  • ==US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE

Matching in nixpkgs

pkgs.zd1211fw

Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

  • nixos-unstable 1.5
    • nixpkgs-unstable 1.5
    • nixos-unstable-small 1.5
  • nixos-26.05 1.5
    • nixos-26.05-small 1.5
    • nixpkgs-26.05-darwin 1.5

pkgs.gnome-firmware

Tool for installing firmware on devices

  • nixos-unstable 49.0
    • nixpkgs-unstable 49.0
    • nixos-unstable-small 49.0
  • nixos-26.05 49.0
    • nixos-26.05-small 49.0
    • nixpkgs-26.05-darwin 49.0

pkgs.ipw2200-firmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-26.05 3.1
    • nixos-26.05-small 3.1
    • nixpkgs-26.05-darwin 3.1

pkgs.rtl8761b-firmware

Firmware for Realtek RTL8761b

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-26.05 -
    • nixos-26.05-small
    • nixpkgs-26.05-darwin

pkgs.intel2200BGFirmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-26.05 3.1
    • nixos-26.05-small 3.1
    • nixpkgs-26.05-darwin 3.1

pkgs.uefi-firmware-parser

Tool for parsing, extracting, and recreating UEFI firmware volumes

  • nixos-unstable 1.16
    • nixpkgs-unstable 1.16
    • nixos-unstable-small 1.16
  • nixos-26.05 1.16
    • nixos-26.05-small 1.16
    • nixpkgs-26.05-darwin 1.16

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-26.05 13
    • nixos-26.05-small 13
    • nixpkgs-26.05-darwin 13

Package maintainers