VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a heap causing denial of service or arbitrary code execution;...

2w

VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass vulnerability that allows an unauthenticated user to access content from both inside and outside the network. The second is a stack-based buffer overflow that allows an instruction...

2w

VU#709991: Netatalk contains multiple error and memory management vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is...

Nov 2022

VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing attacks that can lead to code execution. These threats are...

Nov 2022

VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the vulnerabilities has reduced from CRITICAL to HIGH, and OpenSSL...

Nov 2022

VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference

Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description A flawed logical condition allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted...

Oct 2022

VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

Overview Microsoft Exchange 2019 Cumulative Update 23 and earlier versions are vulnerable to a server-side request forgery (SSRF) attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary code on the target Exchange server. Description Microsoft Exchange...

Oct 2022

VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network....

Sep 2022

VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process. Description UEFI firmware is software written by vendors...

Aug 2022

VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal

Overview Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Description The muhttpd, hosted at SourceForge as an opensource...

Aug 2022