Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
28 articles

#IoT

All CosmicBytez Labs articles tagged #IoT, across news, security advisories, how-to guides, and projects.

  • SecurityJul 16, 2026

    CVE-2026-51380: Tenda AC10 v3 Buffer Overflow Enables DoS and Remote Code Execution

    A critical CVSS 9.8 buffer overflow vulnerability in Tenda AC10 v3 firmware V03.03.16.09 allows remote attackers to cause permanent denial of service or execute arbitrary code via the /cgi-bin/UploadCfg endpoint.

  • SecurityJul 15, 2026

    CVE-2023-4346: KNX Protocol Connection Authorization Option 1 Account Lockout Vulnerability

    A vulnerability in KNX Association KNX Protocol Connection Authorization Option 1 allows an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device. CISA added this flaw to the Known Exploited Vulnerabilities catalog on July 15, 2026.

  • SecurityJul 13, 2026

    CVE-2026-15511: Critical OS Command Injection in Comfast CF-WR631AX Router

    A CVSS 9.8 critical OS command injection vulnerability in the Comfast CF-WR631AX V3 router allows unauthenticated network-adjacent attackers to execute arbitrary commands via a manipulated filename argument in the FastCGI backend webmgnt binary.

  • NewsJul 12, 2026

    Six U-Boot Flaws Could Enable Stealthy Firmware Attacks on Embedded Devices

    Researchers have discovered six vulnerabilities in the widely deployed U-Boot bootloader that could allow attackers to execute malicious code at boot time, bypassing OS-level security protections and installing persistent firmware implants.

  • NewsJul 3, 2026

    7 Unpatched Flaws Disclosed in FatFs Filesystem Used in Millions of Embedded Devices

    Security firm runZero has disclosed seven vulnerabilities in FatFs, a widely used FAT/exFAT filesystem library embedded in cameras, drones, crypto...

  • SecurityJun 24, 2026

    CVE-2026-12485: GeoVision GV-I/O Box 4E UDP Stack Overflow (IP Address Field)

    A critical CVSS 10.0 stack-based buffer overflow in the GeoVision GV-I/O Box 4E DVRSearch service allows unauthenticated remote attackers to achieve...

  • SecurityJun 24, 2026

    CVE-2026-12486: GeoVision GV-I/O Box 4E OS Command Injection via libNetSetObj.so

    Multiple OS command injection vulnerabilities in GeoVision GV-I/O Box 4E firmware 2.09 allow attackers with network access to execute arbitrary system...

  • SecurityJun 24, 2026

    CVE-2026-12846: GeoVision GV-I/O Box 4E UDP Stack Overflow (Net Mask Field)

    A second critical CVSS 10.0 stack-based buffer overflow in GeoVision GV-I/O Box 4E firmware 2.09 — this time in the Net Mask field handling of the...

  • SecurityJun 23, 2026

    CVE-2025-67038: Lantronix EDS5000 OS Command Injection Vulnerability

    A critical OS command injection flaw in the Lantronix EDS5000 serial device server allows unauthenticated attackers to inject arbitrary commands via the...

  • SecurityJun 4, 2026

    CVE-2026-49186: Critical MQTT Broker Wildcard ACL Bypass

    A critical CVSS 9.8 vulnerability in a local MQTT broker fails to enforce topic-level ACLs, allowing any client to use wildcard characters to enumerate hidden…

  • SecurityApr 29, 2026

    Snap One WattBox 800/820 Diagnostic Auth Bypass

    A CVSS 9.8 critical vulnerability in Snap One WattBox 800 and 820 series firmware exposes undisclosed diagnostic HTTP endpoints protected only by the...

  • SecurityApr 28, 2026

    CVE-2026-7154: Totolink A8000RU OS Command Injection via CGI Handler

    A critical unauthenticated OS command injection vulnerability in the Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote attackers to...

  • SecurityApr 27, 2026

    CVE-2026-7037: Unauthenticated OS Command Injection in Totolink A8000RU

    A critical CVSS 9.8 OS command injection vulnerability in the Totolink A8000RU router allows unauthenticated remote attackers to execute arbitrary...

  • SecurityApr 25, 2026

    CVE-2026-21515: Azure IoT Central Elevation of Privilege

    A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...

  • SecurityApr 12, 2026

    CVE-2026-6112: Totolink A7100RU OS Command Injection via setRadvdCfg

    A critical OS command injection vulnerability (CVSS 9.8) in Totolink A7100RU firmware allows unauthenticated remote attackers to execute arbitrary...

  • SecurityApr 12, 2026

    CVE-2026-6113: Totolink A7100RU OS Command Injection via setTtyServiceCfg

    A critical OS command injection flaw (CVSS 9.8) in Totolink A7100RU enables remote unauthenticated attackers to execute arbitrary commands by manipulating...

  • SecurityApr 12, 2026

    CVE-2026-6114: Totolink A7100RU OS Command Injection via setNetworkCfg

    CVE-2026-6114 is a critical OS command injection vulnerability (CVSS 9.8) in the Totolink A7100RU router's setNetworkCfg function, exploitable remotely...

  • SecurityApr 12, 2026

    CVE-2026-6115: Totolink A7100RU OS Command Injection via setAppCfg

    CVE-2026-6115 describes a critical OS command injection vulnerability (CVSS 9.8) in the Totolink A7100RU router, exploitable remotely and without...

  • SecurityApr 11, 2026

    CVE-2026-4149: Sonos Era 300 Unauthenticated RCE via SMB

    A CVSS 10 critical vulnerability in the Sonos Era 300 smart speaker allows unauthenticated remote attackers to execute arbitrary code by exploiting an...

  • SecurityApr 10, 2026

    CVE-2026-5977: TOTOLINK A7100RU Critical OS Command

    A critical OS command injection vulnerability (CVSS 9.8) in TOTOLINK A7100RU routers allows unauthenticated remote attackers to execute arbitrary system...

  • SecurityApr 10, 2026

    CVE-2026-5978: TOTOLINK A7100RU Critical OS Command

    A second critical OS command injection vulnerability (CVSS 9.8) in TOTOLINK A7100RU routers allows unauthenticated remote attackers to execute arbitrary...

  • NewsApr 5, 2026

    Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

    A joint operation by the US Department of Justice, Canada, and Germany has dismantled the infrastructure behind four highly disruptive IoT botnets that...

  • NewsMar 23, 2026

    Weekly Recap: CI/CD Backdoor, FBI Buys Location Data

    This week's cybersecurity roundup covers supply chain attacks hitting CI/CD pipelines, long-running IoT botnets finally disrupted, the FBI's warrantless...

  • SecurityMar 23, 2026

    Tenda A15 UploadCfg Stack Buffer Overflow (CVE-2026-4567)

    A CVSS 9.8 Critical stack-based buffer overflow in Tenda A15 firmware 15.13.07.13 allows unauthenticated remote attackers to execute arbitrary code by...

  • SecurityMar 22, 2026

    D-Link DHP-1320 SOAP Handler Stack Buffer Overflow

    A CVSS 8.8 stack-based buffer overflow in D-Link DHP-1320 firmware 1.00WWB04 allows unauthenticated remote attackers to execute arbitrary code via a...

  • NewsMar 20, 2026

    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record

    The U.S. Department of Justice, in coordination with Germany and Canada, has dismantled the C2 infrastructure of four major IoT botnets — AISURU, Kimwolf,...

  • NewsFeb 9, 2026

    Massive Kimwolf Botnet Disrupts I2P Anonymous Network

    IoT botnet Kimwolf launches sustained attack against The Invisible Internet Project (I2P), disrupting the encrypted, decentralized communications network...

  • SecurityJan 18, 2026

    Critical D-Link Router RCE Under Active Exploitation - No

    CVE-2026-0625 allows unauthenticated remote code execution on legacy D-Link DSL routers. Devices are end-of-life with no patches forthcoming. Immediate...