By weakness (CWE)
CWE-319: related vulnerabilities
CVEs classified under CWE-319. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
6 published vulnerabilities
- CVE-2026-34126HIGH 7.5
TP-Link's Tapo smart home devices—the L535E light strip, P300 smart plug, and D100C chime—send unencrypted Bluetooth data during initial setup. An attacker nearby could intercept this traffic, eavesdrop on setup credentials or configuration, or manipulate the transmitted data to take control of a device while it's being paired. The vulnerability only affects the initialization phase; once setup is complete, Bluetooth is not used. The practical threat depends on physical proximity and whether an attacker is present during a user's setup window, which typically occurs in the home or office.
- CVE-2026-25599MEDIUM 6.3
This vulnerability affects Orca heat pump devices and their control portal. An attacker can intercept unencrypted communications between older Orca heat pumps and the control server, impersonate a legitimate device, and inject malicious code into the web portal. This injected code can steal user session cookies, compromise accounts, expose sensitive information, and grant attackers unauthorized access to the portal. The core issues are the lack of authentication, unencrypted HTTP connections, and missing input validation.
- CVE-2023-52951MEDIUM 5.9
Synology Note Station Client versions before 2.2.4-703 transmit user credentials in cleartext over the network, allowing attackers positioned to intercept traffic—such as those on the same Wi-Fi network or controlling network infrastructure—to capture login credentials. This is a network-based credential theft vulnerability that does not require authentication or user interaction to exploit, though the attacker must be able to intercept the specific traffic.
- CVE-2026-10584MEDIUM 5.9
Graph Explorer versions prior to 3.0.1 contain a flaw in their proxy server that causes HTTPS connections to silently downgrade to unencrypted HTTP when certificate files are unavailable. An attacker positioned to intercept network traffic could potentially eavesdrop on sensitive information that was intended to be transmitted securely. This is a configuration-dependent issue—the vulnerability manifests only when certificates are missing—but the silent fallback behavior makes it particularly insidious because applications may not explicitly warn users that encryption has been disabled.
- CVE-2026-36610MEDIUM 5.9
Mercusys AC12G (EU) V1 routers with firmware version AC12G(EU)_V1_200909 transmit Dynamic DNS (DDNS) credentials using only Base64 encoding over unencrypted HTTP connections. Base64 is not encryption—it's merely encoding and can be trivially decoded by anyone observing network traffic. Because the firmware lacks TLS/SSL support entirely, an attacker positioned on the network path can intercept and recover DDNS service credentials, potentially compromising the domain name update service tied to the affected router.
- CVE-2026-43625MEDIUM 5.9
CodexBar versions before 0.32.0 have a vulnerability where session cookies imported from your browser can be intercepted over the network. When CodexBar redirects requests to Amp or Ollama providers, attackers positioned on your network path can capture these cookies if the redirect sends them over unencrypted HTTP. This requires the attacker to be on the network between you and the provider, but the leaked cookies could grant them access to your sessions on those services.