VDE-2025-085
Sept. 22, 2025, 10:00 vorm.
A path traversal flaw in the SmartEMS upload handling allows authenticated users to direct upload data outside of the intended directory via the 'Upload-Key' header. In deployments where writable, code-interpreted …
VDE-2025-076
Aug. 26, 2025, 9:00 vorm.
A hard-coded JWT secret in the egOS WebGUI backend is readable to the default user, allowing attackers to forge valid tokens and access protected API endpoints.
VDE-2024-043
Aug. 22, 2024, 8:00 vorm.
Products from the Edge Gateway Family are affected by recently published so called RegreSSHion vulnerability.
VDE-2024-023
April 23, 2024, 10:00 vorm.
Welotec has been informed by an external source that the WebUI of the device management solution "SMART EMS" and the remote connectivity solution "VPN Security Suite" is vulnerable to so-called …
VDE-2024-009
Mai 14, 2025, 2:28 nachm.
Welotec has closed two vulnerabilities in the TK500v1 router series and advises to update the routers to firmware version r5542 or later. An exploitation of the vulnerabilities can allow an …