196 matches found
[SECURITY] Fedora 34 Update: arm-none-eabi-newlib-4.1.0-1.fc34
Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...
Unspecified Vulnerability in Das U-Boot (CNVD-2021-18393)
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2, which stems from the loader...
Unspecified Vulnerability in Das U-Boot (CNVD-2021-18392)
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...
Wind River VxWorks Buffer Overflow Vulnerability
Wind River VxWorks is an operating system from Wind River, Inc. the industry-leading real-time operating system for building embedded devices and systems. A buffer overflow vulnerability exists in Wind River VxWorks versions 6.5 through 7, which can be exploited by a remote attacker to submit a...
[SECURITY] Fedora 32 Update: arm-none-eabi-newlib-4.1.0-1.fc32
Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...
Fedora: Security Advisory for arm-none-eabi-newlib (FEDORA-2021-332fb9c796)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: arm-none-eabi-newlib-4.1.0-1.fc33
Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...
Red Hat newlib libc 输入验证错误漏洞
Red Hat newlib libc is a C language library from Red Hat, Inc. that is primarily used for embedded systems. A security vulnerability exists in newlib in versions prior to 4.0.0, which stems from improper overflow validation of the memory allocation functions mEMALIGn, pvALLOc, nanomemalign,...
Das U-Boot 安全漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...
Das U-Boot 安全漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2, which stems from the loader...
Reverse Engineering Keys from Firmware. A how-to
TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always looks for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...
USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities
It was discovered that ReadyMedia MiniDLNA allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. CVE-2020-12695 It was discovered th...
Wolfssl Trust Management Issues Vulnerabilities
Wolfssl CyaSSL is the United States Wolfssl company for embedded systems developers to use a small, portable embedded SSL programming library. A trust management issue vulnerability exists in the DoTls13CertificateVerify function in the WolfSSL version 4.6.0 tls13.c file, which stems from not...
Wind River ‘Security Incident’ Affects SSNs, Passport Numbers
Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...
Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability
Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...
Ripple20 Treck TCP/IP Stack Vulnerabilities
Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A summary of JSOF’s research is here, along with a technical whitepaper. See the Rapid7 Analysis tab for further...
Treck TCP/IP Buffer Error Vulnerability
Treck TCP/IP is a TCP Transmission Control Protocol/IP Internet Interconnection Protocol suite from Treck, Inc. dedicated to embedded systems. A security vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP server...
'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices
Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency CISA – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things IoT devices and embedded systems, including smart thermometers, smart plugs and printers...
musl libc buffer error vulnerability
musl libc is musl open source an open source C language standard library . Mainly used for embedded systems and mobile devices and so on. A buffer error vulnerability exists in musl libc version 1.2.1 and earlier versions, which stems from wcsnrtombs incorrectly handling a specific combination of...
Brute forcing device passwords
When working with IoT and embedded systems, brute-force password guessing attacks are an effective tool to gain access. Over the years, I’ve learned some tips and tricks to make these attacks more effective. What is brute forcing? Very simply, it’s guessing passwords so that you can find a valid...