4 links
tagged with all of: vulnerabilities + firmware
Links
Three vulnerabilities have been identified in the TOTOLINK X6000R router firmware, including a critical unauthenticated command injection flaw that could allow remote attackers to execute arbitrary commands. Users are urged to update to the latest firmware version to mitigate these security risks, which could lead to unauthorized access and service disruptions. Palo Alto Networks offers protective solutions to help secure devices against such vulnerabilities.
A security researcher successfully reverse engineered the Worldline Yomani XR credit card terminal, uncovering significant vulnerabilities, including an exposed root shell accessible through a debug connector. Despite robust tamper-resistance features, the device's architecture separates secure and insecure processing, which limits the impact of the exploit but still poses serious security risks. The researcher disclosed the vulnerability to the manufacturer, initiating a timeline for public disclosure.
System Management Mode (SMM) callout vulnerabilities have been discovered in Gigabyte firmware, allowing potential attackers to elevate privileges and execute arbitrary code. Despite previous fixes from the original firmware supplier AMI, these vulnerabilities have reappeared, prompting Gigabyte to release updates. Users are urged to check for firmware updates to secure their systems against exploitation.
Lenovo has announced high-severity BIOS vulnerabilities in its all-in-one desktops that could allow attackers to bypass Secure Boot, particularly affecting models with customized Insyde UEFI firmware. Six flaws discovered by Binarly can lead to privilege escalation and persistent firmware compromise, with security updates already available for some models and planned for others in the coming months.