Hetronic Nova-M

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

Windows Defender ATP has protections for USB and removable devices

Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers official title. Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something is a 512GB USB flash drive! Jimmy picks up the drive, whistlin...

GPON ONT Home Gateway Router is vulnerable to authenticated remote command execution (CVE-2018-10562)

Binary data gponcve-2018-10562.nbin...

The vulnerability of the OAD update mechanism of Texas Instruments’ microprogrammable microcontrollers’ Bluetooth Low Energy technology allows a intruder to gain full control over the device.

The vulnerability of the OAD Over the Air firmware Download update mechanism of Texas Instruments’ Bluetooth Low Energy microcontroller software is due to the repeated release of memory. Exploiting this vulnerability can allow a hacker to gain full control over the device...

Weak Password Vulnerability in Various Security Products of Tiantai Networks

Shanghai Tiantai Network Technology Co., Ltd. is a professional manufacturer and supplier of WEB security and website protection. A weak password vulnerability exists in a number of Tiantai network security products. An attacker can exploit this vulnerability to control security devices, resultin...

The vulnerability of the JunOS operating system, related to deficiencies in authentication procedures, allows attackers to gain full control over the device.

The vulnerability of the JunOS operating system is related to deficiencies in the authentication process during system startup. Exploiting this vulnerability can allow an attacker to gain full control over the device upon initial startup...

CVE-2018-7910

Some Huawei smartphones ALP-AL00B 8.0.0.118DC00, ALP-TL00B 8.0.0.118DC01, BLA-AL00B 8.0.0.118DC00, BLA-L09C 8.0.0.127C432, 8.0.0.128C432, 8.0.0.137C432, BLA-L29C 8.0.0.129C432, 8.0.0.137C432 have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the...

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

Denial of Service Vulnerability in KsysCall.sys Driver of JM Firewall

Jiangmin Firewall is a network security protection tool designed to address the safety of individual users on the Internet, the product incorporates advanced network access dynamic monitoring technology to thoroughly solve the invasion of hacker attacks, Trojan horse programs and Internet viruses...

GPlayed's younger brother is a banker — and it's after Russian banks

This blog post is authored by Vitor Ventura. Introduction Cisco Talos published its findings on a new Android trojan known as "GPlayed" on Oct. 11. At the time, we wrote that the trojan seemed to be in the testing stages of development, based on the malware's code patterns, strings and telemetry...

IObit Malware Fighter Buffer Overflow Vulnerability

IObit Malware Fighter is a suite of antivirus software for Windows-based platforms. The program has features such as anti-malware and virus protection. A stack buffer overflow vulnerability exists in the IMFCameraProtect.sys file in IObit Malware Fighter version 6.2 and possibly prior to 6.2. An...

CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...

CVE-2018-0060

An improper input validation weakness in the device control daemon process dcd of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not...

Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash

An improper input validation weakness in the device control daemon process dcd of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not...

Design/Logic Flaw

A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting applicatio...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

Security feature bypass

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

CVE-2017-12574

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

PLANEX CS-W50HD Default Username Password Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...