#cwe-341 主题 - Cyber Security Daily Radar

CVE-2026-36609

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding (securityEncode function), this allows an attacker to reverse captured authentication tokens to recover the plaintext password.

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: 影响边界/网络设备 (+5) | Primary 数据源 (+3) | LLM 评分加成 (+0.4)

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

💡 风险点: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: 有可用补丁/修复方案 (+3) | Secondary 数据源 (+2) | 包含 CVE (+2) | LLM 评分加成 (+0.4)

CVE-2026-42365

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

Cyber Security Daily Radar

#cwe-341

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with t...

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision...

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an ...