
61 matches found

Talos
added 2023/09/05 12:00 a.m. · 79 views

Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1769 Open Automation Software OAS Platform OAS Engine authentication bypass vulnerability September 5, 2023 CVE Number CVE-2023-31242 SUMMARY An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platfor...

9.8 CVSS · 9.2 AI score · 0.03356 EPSS
Exploits 1
OSV
added 2022/08/05 10:15 p.m. · 4 views

CVE-2022-22140

An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 7.4 AI score · 0.03589 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/08/05 12:00 a.m. · 1 view

PT-2022-16334 · Tcl · Tcl Linkhub Mesh Wifi Ms1G 00 01.00 14

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wifi MS1G 00 01.00 14 Description: A stack-based buffer overflow issue exists in the confsrv set mf rule functionality. This can be triggered by a specially-crafted network packet, leading to a stack-based buffer overflow. Th...

9.8 CVSS · 8.7 AI score · 0.01096 EPSS
Exploits 1 · References 3
CNNVD
added 2022/04/06 12:00 a.m. · 2 views

Fortinet FortiClient information disclosure vulnerability

Fortinet FortiClient is a fabric agent from Fortinet USA, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. An information disclosure vulnerability exists in Fortinet FortiClient for Linux. An unauthenticated attacker could exploit the...

5.3 CVSS · 5.6 AI score · 0.00862 EPSS
Exploits 0 · References 5
OSV
added 2021/04/15 2:15 p.m. · 3 views

CVE-2020-28593

An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1 CVSS · 7.3 AI score · 0.01875 EPSS
Exploits 1 · References 1
NVD
added 2021/04/15 2:15 p.m. · 22 views

CVE-2020-28593

An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1 CVSS · 0.01875 EPSS
Exploits 1 · References 1
OSV
added 2021/04/15 2:15 p.m. · 2 views

CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 6.3 AI score
Exploits 0 · References 1
NVD
added 2021/04/15 2:15 p.m. · 11 views

CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 0.02545 EPSS
Exploits 1 · References 1
CVE
added 2021/04/15 1:41 p.m. · 43 views

CVE-2020-28593

Summary: CVE-2020-28593 affects Cosori Smart 5.8-Quart Air Fryer CS158-AF (version 1.1.0) and is exploitable via an unauthenticated backdoor in the device’s configuration server. Multiple sources describe that a specially crafted JSON object can trigger remote code execution after the device regi...

8.1 CVSS · 8.2 AI score · 0.01875 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/04/15 1:41 p.m. · 18 views

CVE-2020-28593

An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1 CVSS · 8.2 AI score · 0.01875 EPSS
Exploits 1 · References 1
Cvelist
added 2021/04/15 1:40 p.m. · 16 views

CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1 CVSS · 9.9 AI score · 0.02545 EPSS
Exploits 1 · References 1
Positive Technologies
added 2021/04/15 12:00 a.m. · 2 views

PT-2021-11563 · Cosori · Cosori Smart 5.8-Quart Air Fryer Cs158-Af

Name of the Vulnerable Software and Affected Versions: Cosori Smart 5.8-Quart Air Fryer CS158-AF version 1.1.0 Description: A backdoor exists in the configuration server functionality, allowing for code execution through a specially crafted JSON object. An attacker can send a malicious packet to...

8.1 CVSS · 8 AI score · 0.01875 EPSS
Exploits 1 · References 3
Positive Technologies
added 2021/04/15 12:00 a.m. · 4 views

PT-2021-11562 · Cosori · Cosori Smart 5.8-Quart Air Fryer Cs158-Af

Name of the Vulnerable Software and Affected Versions: Cosori Smart 5.8-Quart Air Fryer CS158-AF version 1.1.0 Description: A heap-based buffer overflow issue exists in the configuration server functionality. This can be triggered by a specially crafted JSON object, potentially leading to remote...

9.8 CVSS · 8.4 AI score · 0.02545 EPSS
Exploits 1 · References 5
Talos
added 2021/04/15 12:00 a.m. · 19 views

Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability

Summary A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 9.4 AI score · 0.02545 EPSS
Exploits 1
Talos
added 2021/04/15 12:00 a.m. · 75 views

Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability

Summary An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...

8.1 CVSS · 8.6 AI score · 0.01875 EPSS
Exploits 1
Cvelist
added 2020/11/04 8:14 p.m. · 11 views

CVE-2020-27692

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...

9 AI score · 0.00542 EPSS
Exploits 1 · References 2
Veracode
added 2019/05/02 4:53 a.m. · 17 views

Information Disclosure

Aeolus Configuration Server is vulnerable to information disclosure. Passwords are stored in plain text in the world-readable /var/log/aeolus-configserver/configserver.log file. A local attacker could use this flaw to obtain the administrative passwords for other services...

2.1 CVSS · 5.3 AI score · 0.00474 EPSS
Exploits 1 · References 12 · Affected Software 4
0day.today
added 2017/12/29 12:00 a.m. · 47 views

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

6.6 AI score
Exploits 0
ThreatPost
added 2017/02/03 10:23 a.m. · 28 views

Cisco Patches Authentication Bypass in Cisco Prime Home

Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...

10 CVSS · 1 AI score · 0.02702 EPSS
Exploits 0 · References 5
Packet Storm
added 2016/01/08 12:00 a.m. · 82 views

o2 DSL Auto Configuration Server Credential Disclosure

Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials The o2 Auto Configuration Server ACS discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This...

7.4 AI score
Exploits 0