Arlo Q Plus Firmware 1.9.0.3 278
Approved changes feed: RSS · Atom
cpe:2.3:o:arlo:q_plus_firmware:1.9.0.3_278:*:*:*:*:*:*:*
part: o version: 1.9.0.3_278 update: *
| Vendor | Arlo (8b28ab23-5f71-5d50-9bc5-1bb77c2db3fa) |
|---|---|
| Product | Q Plus Firmware (7020e058-2b45-5a60-9975-da70863bc62c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-31505 |
vulnerable | 2026-06-03 14:44:33.193330 |
Details available
MEDIUM (6.8)
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.
Published: 2021-06-29T14:33:48.000Z
Updated: 2024-08-03T23:03:33.317Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.