CVE-2025-12422 — CVSS 9.8 (critical): Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through…
CVE-2025-12424 — CVSS 9.8 (critical): Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12599 — CVSS 9.8 (critical): Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12600 — CVSS 9.8 (critical): Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12602 — CVSS 9.8 (critical): /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12603 — CVSS 9.8 (critical): /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12104 — CVSS 9.8 (critical): Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through…
CVE-2025-12176 — CVSS 9.8 (critical): Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects…
CVE-2025-12219 — CVSS 9.8 (critical): Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12220 — CVSS 9.8 (critical): Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12217 — CVSS 9.1 (critical): SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12221 — CVSS 8.8 (high): Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12479 — CVSS 8.8 (high): Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5…
CVE-2025-12425 — CVSS 7.8 (high): Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12363 — CVSS 7.5 (high): Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12423 — CVSS 7.5 (high): Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12601 — CVSS 7.5 (high): Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12278 — CVSS 6.5 (medium): Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-11925 — CVSS 6.1 (medium): Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of…
CVE-2025-12284 — CVSS 6.1 (medium): Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through…
CVE-2025-12001 — CVSS 6.1 (medium): Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through…
CVE-2025-12114 — CVSS 5.5 (medium): Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2…
CVE-2025-12216 — CVSS 5.5 (medium): Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5…
CVE-2025-12517 — CVSS 5.3 (medium): Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12365 — CVSS 5.3 (medium): Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12031 — CVSS 5.3 (medium): HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript…