{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T20:09:46.044552Z","vulnerabilities":[{"cve":{"id":"CVE-2025-32409","sourceIdentifier":"cve@mitre.org","published":"2025-04-07T22:15:16.963","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency."},{"lang":"es","value":"Ratta SuperNote A6 X2 Nomad antes de diciembre de 2024 permite la ejecución remota de código porque se puede enviar una imagen de firmware arbitraria (firmada con claves de depuración) al puerto TCP 60002 y colocarla en la ubicación de actualización de imagen correcta como consecuencia tanto de directory traversal como de la gestión no intencionado de la simultaneidad."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet","source":"cve@mitre.org"},{"url":"https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}