CVE-2025-27850
- EPSS 0.39%
- Veröffentlicht 13.05.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 18:49:39
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict th...
CVE-2025-27851
- EPSS 0.15%
- Veröffentlicht 13.05.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 19:04:03
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network att...
- EPSS 0.14%
- Veröffentlicht 13.05.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 19:02:07
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage....
CVE-2025-27853
- EPSS 0.3%
- Veröffentlicht 13.05.2026 00:00:00
- Zuletzt bearbeitet 02.06.2026 18:55:42
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU s...