Cisco Firepower Threat Management Console Hard-coded MySQL Credentials

Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Authentication Bypass CVE-ID:...

Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution

Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Title: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Advisory ID:...

Cisco Firepower Threat Management Console Denial Of Service

KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service Title: Cisco Firepower Threat Management Console Authenticated Denial of Service Advisory ID: KL-001-2016-004 Publication Date: 2016.10.05 Publication URL:...

Cisco Firepower Threat Management Console Local File Inclusion

Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path Impact: Information Disclosure Attack...

Cisco Firepower Threat Management Console 6.0.1 - Remote Command Execution

KL-001-2016-007 : Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Title: Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access Advisory ID: KL-001-2016-007 Publication Date: 2016.10.05 Publication URL:...

Cisco Firepower Threat Management Console Authenticated Denial of Service

Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-404: Improper Resource Shutdown or Release Impact: Denial of Service Attack vector:...

BASHLITE Family Of Malware Infects 1 Million IoT Devices

More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say. According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web ...

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things IoT trend is on the rise and here to stay. This has the potentia...

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things IoT trend is on the rise and here to stay. This has the potentia...

uclibc-ng and uclibc remote code execution vulnerabilities

Both uclibc-ng and uclibc are C libraries for developing embedded Linux systems. A remote code execution vulnerability exists in uclibc-ng and uclibc, which could be exploited by an attacker to execute arbitrary code in an affected device, possibly also resulting in a denial of service...

Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)

Ubiquiti Administration Portal - Remote Command Execution via Cross-Site Request Forgery !-- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date:...

Ubiquiti Administration Portal CSRF / Remote Command Execution

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt 1...

Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)

Exploit for hardware platform in category web applications !-- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL:...

Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)

!-- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.tx...

Ubiquiti Administration Portal CSRF to Remote Command Execution

Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...

Uclibc-ng Denial of Service Vulnerability

Uclibc-ng is a C library for developing embedded Linux systems. A denial of service vulnerability exists in Uclibc-ng. An attacker can exploit this vulnerability to cause a denial of service...

Arris DG1670A Cable Modem Remote Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution Title: Arris DG1670A Cable Modem Remote Command Execution Advisory ID: KL-001-2016-001 Publication Date: 2016.02.12 Publication URL:...

ziggystartux

ziggystartux A Kaiten rewrite, with much new functionality, an...

Arris DG1670A Cable Modem Remote Command Execution

Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...

Seagate GoFlex Satellite Remote Telnet Default Password Vulnerability

Seagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled. Title: Seagate GoFlex Satellite Remote Telnet Default Password Publication URL:...