1768 matches found
PT-2023-21365 · Seowon Intech · Seowonintech Swc 5100W Wimax Bootloader
Name of the Vulnerable Software and Affected Versions: SeowonIntech SWC 5100W WIMAX Bootloader version 1.18.19.0, HW version 0.0.7.0, and FW versions 1.11.0.1, 1.9.9.4 Description: The issue allows attackers to take over the system with root privilege by abusing the doSystem function, enabling OS...
Seowon Intech SWC 5100W WIMAX Bootloader OS Command Injection Vulnerability
Seowon Intech SWC 5100W WIMAX Bootloader is a bootloader from Seowon Intech, Korea. A security vulnerability exists in the Seowon Intech SWC 5100W WIMAX Bootloader version 1.18.19.0, HW 0.0.7.0, FW 1.11.0.1, and 1.9.9.4, which stems from susceptibility to operating system command injection attack...
CVE-2023-27826
CVE-2023-27826 affects SeowonIntech SWC 5100W WIMAX Bootloader: vulnerable components are bootloader version 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1 and 1.9.9.4. Root cause is an OS command injection via the doSystem() function, enabling an attacker to take over the system with root privileges. Pu...
CVE-2023-27826
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection, which allows attackers to take over the system with root privilege by abusing doSystem function...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated Remote Code Execution Exploit
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested on: Unix CVE :...
CVE-2022-28497
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the mtdwritebootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CP900 Command Injection Vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. A security vulnerability exists in the TOTOLINK CP900 due to a command injection issue in the filename parameter of the mtdwritebootloader function...
[bootloader] A bytecode hash without the bytecode (preimage) can be marked as known, breaking the prover
Lines of code Vulnerability details This is a report of a finding in bootloader.yul. While the file is out of scope of the contest, the sponsor stated that they would still accept findings in the file and would judge them separately from the contest. Impact A bytecode hash for which the bytecode...
bootloader doesn't add tighter gas limit to the IAccount.validateTransaction call
Lines of code Vulnerability details Impact As mentioned in the competition details: Important, while the bootloader is out of scope, we may reward an additional bounty for valid bugs found in it by our judgement! As mentioned in the dev document, there are some limitations of the verification a...
Operator can cause funds to be stolen by manipulating gas fee refund
Lines of code Vulnerability details Impact An operator can manipulate the refund of gas fee mechanism to steal from the bootloader balance. Inside refundCurrentL2Transaction function in the bootloader where the refund is happening for the refund recipient at L1097, the operator provides a value f...
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure (cisco-sa-iosxr-load-infodisc-9rdOr5Fq)
According to its self-reported version, Cisco IOS XR is affected by an information disclosure vulnerability. An unauthenticated attacker with physical access can exploit this, by being connected to the console port when the device is power cycled, in order to view sensitive files. Please see the...
Cisco IOS XR Security Vulnerability
Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which stems from a security issue in GRand Unified Bootloader (GRUB), which can be exploited by an attacker to view sensitive files on the console using the GRUB bootload...
CVE-2023-20064
CVE-2023-20064 affects Cisco IOS XR Software. A vulnerability in the GRand Unified Bootloader (GRUB) allows a local, unauthenticated attacker with physical access to view sensitive files via the console during power-cycle, due to unnecessary commands in the GRUB environment. Exploitation requires...
CVE-2023-20064 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary comman...
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary comman...
PT-2023-2264 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive fil...
The vulnerability of the Bootloader component of AMD processors allows a hacker to trigger a system failure.
The vulnerability of the Bootloader component of AMD processors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...
OESA-2023-1121 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structur...
Bootloader mode vulnerability in Flexi Soft Gateways v3
The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...