624 matches found
Totolink A720R License Issue Vulnerability
The Totolink A720R is a wireless router from Taiwan, China's Gion Electronics Totolink. The Totolink A720R suffers from an authorization issue vulnerability in version V4.1.5cu.470B20200911, which stems from an improper implementation of the form login feature in the software version, and can be...
Amazon Kindle Vulnerable to Malicious EBooks
A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaveev, who released the findings Friday. Check Point disclosed t...
Swisslog Healthcare Nexus Panel Security Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
Race condition
When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to...
Juniper Networks Junos OS Security Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Junos OS that arises from a time-of-check time-of-use (TOCTOU) race condition between the device control...
IOBit Advanced SystemCare Ultimate exposed IOCTL 0x9c40a148 vulnerability
Summary: An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerabilit...
CVE-2021-22439
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and control the device...
CVE-2021-22439
Huawei AnyOffice is affected by a deserialization vulnerability in version V200R006C10. The issue allows an attacker to craft a specific request to achieve remote code execution and take control of the device. Root cause is deserialization of untrusted data, with exploitation described as feasibl...
CVE-2021-33534
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device...
Weidmueller Industrial WLAN Operating System Command Injection Vulnerability
Weidmueller Industrial WLAN devices are industrial WLAN devices from Weidmueller, Germany. The Weidmueller Industrial WLAN devices operating system command injection vulnerability can be exploited by an attacker to take full control of the device via specially crafted network configuration information...
Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product
There is a deserialization vulnerability in Huawei AnyOffice product. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and control the device. Vulnerability ID:...
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker t...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
CVE-2021-30167
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...
CVE-2021-30168
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices...
Information disclosure
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...
CVE-2021-30167 MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Broken Authentication
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices...
CVE-2021-30168
CVE-2021-30168 affects Merit Lilin ENT Co. IP cameras (P2/Z2/Z3). The root cause is an information-disclosure vulnerability that allows a remote attacker to improperly obtain/grant administrator credentials and take control of the device. Public reports describe sensitive data exposure and unaut...