175 matches found
Zephyr Memory Corruption Vulnerability
Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. A memory corruption vulnerability exists in Zephyr versions 1.14.2, 2.3.0. A local attacker can exploit this vulnerability by sending a malformed SPI response that corrupts kernel memory in the...
Unspecified Vulnerability in Zephyr
Zephyr is a small real-time operating system for connected, resource-constrained embedded devices. A security vulnerability exists in Zephyr versions = v1.14.2 and = v2.2.0. The vulnerability stems from improper input validation. An attacker could exploit the vulnerability to cause a denial of...
Perth Dropbear Security Vulnerability
Perth Dropbear is a lightweight SSH server/client software from the University of Perth, Australia that is primarily used in embedded devices. A security vulnerability exists in Dropbear before 2020.79 that stems from incorrectly processed filenames, or empty filenames...
Siemens Nucleus NET Predictable Initial Sequence Vulnerability
The Nucleus NET module contains a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. A security vulnerability exists in Siemens Nucleus NET. An attacker could exploit the vulnerability to...
[SECURITY] [DSA 4847-1] connman security update
Debian Security Advisory DSA-4847-1 https://www.debian.org/security/ Salvatore Bonaccorso February 08, 2021 https://www.debian.org/security/faq ...
[SECURITY] Fedora 32 Update: monitorix-3.13.1-1.fc32
Monitorix is a free, open source and lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well...
Emba - An Analyzer For Linux-based Firmware Of Embedded Devices
emba is being developed as a firmware scanner that analyses already-extracted Linux-based firmware images. It should help you to identify and focus on the interesting areas of a huge firmware image. Although emba is optimized for offline firmware images, it can test both, live systems and extract...
CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq
CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices....
Perth Dropbear Information Disclosure Vulnerability
Perth Dropbear is a lightweight SSH server/client software from the University of Perth, Australia that is primarily used in embedded devices. A security vulnerability exists in Dropbear versions 2011.54 through 2018.76 that stems from an inconsistent failure delay time, which could result in the...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming: List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but who does not have a starting point. Anyway, this is a living resource and will be updated regularly with the latest Adversarial Tactics and Techniques based on Mitre ATT&CK. You c...
OAID Tengine Lite Buffer Error Vulnerability
OAID Tengine Lite is a tool from the OAID organization that meets the need for fast and efficient deployment of deep learning neural network models on embedded devices. OAID Tengine Lite 5.0.55.2 suffers from a buffer error vulnerability that stems from a buffer overflow and crash in the...
Critical Flaws in Millions of IoT Devices May Never Get Fixed
Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices...
Awesome-Red-Teaming
This is a list of resources for Red Teaming, a list that will be updated regularly with the latest adversarial tactics and techniques based on the Mitre ATT&CK framework. The list covers various topics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credenti...
Vulnerability Spotlight: Code execution, information disclosure vulnerabilities in F2FS toolset
Vulnerabilities discovered by a Cisco Talos researcher. Blog by Jon Munshaw. Cisco Talos recently discovered multiple code execution and information disclosure vulnerabilities in various functions of the F2FS toolset. F2FS is a filesystem toolset commonly found in embedded devices that creates,...
F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability
Summary: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution. An attacker can provide a malicious file to trigger this vulnerabilit...
Chasing doorbells: Finding IoT vulnerabilities in embedded devices
The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our...
F2fs-tools fsck.f2fs sanity_check_area_boundary code execution vulnerability
Summary: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this...
Amazon Kindle, Embedded Devices Open to Code-Execution
Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose. Researche...
Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware
ARCHIVED STORY. By Philippe Laulheret · August 08, 2019. Avaya is the second largest VOIP solution provider with an install base covering 90% of the Fortune 100 companies, with products targeting a wide spectrum of...