Vulnerability of the driver /drivers/android/binder.c in the Android operating system, allowing a hacker to gain full control over the device

The vulnerability in the Android operating system’s driver/driver/binder.c code relates to the use of memory after it is freed. Exploiting this vulnerability can allow a hacker to gain full control over the device by using a specially created application...

Unauthorized access vulnerability in Xiaomi Mi Home Smart Platform

Xiaomi Mijia Intelligent Platform is Xiaomi's open platform for the IoT field, which can realize the interconnection of consumer smart hardware such as smart home devices, smart home appliances, smart wearable devices, smart travel devices and other consumer smart hardware. Xiaomi Mijia intellige...

The vulnerability in the virtual remote connection service for microprogramming control devices of the BMC Supermicro family allows a hacker to gain full control over the device.

The vulnerability of the virtual remote connection service for Microprogramming Software Control Devices of Supermicro is due to insufficient security restrictions for critical management functions. Exploiting this vulnerability allows a malicious actor to gain full control over the device by...

ASUS SmartHome Gateway HG100 Access Control Bypass Vulnerability

The ASUS SmartHome Gateway HG100 is a smart home central control gateway device. The ASUS SmartHome Gateway HG100 implementation suffers from a security vulnerability that allows a remote attacker can exploit the vulnerability to submit special requests that can bypass security restrictions and...

CVE-2019-11063

A broken access control vulnerability in SmartHome app Android versions up to 3.0.42190515, ios versions up to 2.0.22 allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway HG100 via http://target/smarthome/devicecontrol witho...

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

Information disclosure

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

CVE-2017-8333

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

Computrols CBAS Web Authentication Bypass Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. An authentication bypass vulnerability exists in Computrols CBAS Web. An unauthenticated attacker could use this vulnerability to bypass authentication and gain full control of the device...

Step 9. Protect your OS: top 10 actions to secure your environment

In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection Microsoft Defender ATP to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...

Use-After-Free

Linux kernel is vulnerable to use-after-free attacks. This is because the way the Linux kernel's KVM hypervisor implements its device control API While creating a device via kvmioctlcreatedevice. An attacker could use this flaw to crash the guest VM resulting in a denial of service issue or...

Three Common Questions (and Answers) About Next-Gen AV

Most organizations with traditional, or legacy, antivirus AV solutions are well aware that they are no longer protected from the more advanced tactics and threats of attackers today. Signatures just can’t keep up with emerging threats. But that doesn’t mean that everyone is ready to dive head fir...

Session fixation

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated...

EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1255)

According to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating ...

The vulnerability of the microprogramming software of the Dasan GPON router, related to deficiencies in authentication procedures, allows a hacker to gain full control over the device.

The vulnerability of the microprogramming software of the Dasan GPON router is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the device by adding “?images/” to the URL in the browse...

WSD-T13 Cloud Storage Camera with Override Add Vulnerability

Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera has an override add vulnerability. The vulnerability is due to the manufacturer's use of the default password. Allows attackers to exploi...

The vulnerability of the disk-check.sh and harcap.sh scripts within the Cisco Wide Area Application Services Software package allows a hacker to elevate their privileges to the root level and gain full control over the device.

The vulnerability of the disk-check.sh and harcap.sh scripts within the Cisco Wide Area Application Services Software package is related to errors in the script validation process. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level and gain full...

AudioCodes 400HD Command Injection Vulnerability

AudioCodes 400HD is a 400HD series IP phone product from AudioCodes Israel. A command injection vulnerability exists in the AudioCodes 400HD, which arises from the program failing to properly filter user input, and can be exploited by an attacker to inject arbitrary commands and take control of t...

CVE-2018-18995

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...