CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...

CVE-2019-10538

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CVE-2019-10538

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CVE-2019-10538

CVE-2019-10538 is a Qualcomm Qualcomm WLAN/modem/Linux-kernel-driver issue caused by a lack of check of address range received from firmware, allowing the modem to respond with arbitrary pages into the HLOS address space and potentially compromise the device OS. Affected stack includes Snapdragon...

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

In case you missed it. SimJacker vulnerability is concerning because it can be executed: ➡️ against mass audience, ➡️ against devices manufactured by any vendor, ➡️ with just a $10 GSM modem, ➡️ and there's nothing much affected users can do. Details — https://t.co/BPApXsNghe...

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

In case you missed it. SimJacker vulnerability is concerning because it can be executed: ➡️ against mass audience, ➡️ against devices manufactured by any vendor, ➡️ with just a $10 GSM modem, ➡️ and there's nothing much affected users can do. Details — pic.twitter.com/ByXhMGB0Hl...

Information Leakage

docker-modem is vulnerable to information leakage. The optionf variable in the function Modem.prototype.dial is not properly handled and used in the buildRequest function, causing a leakage of header information which may contain confidential information...

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a...

Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-20152)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.Qualcomm MDM9150 is a central processing unit CPU product.SDX20 is a modem. Multiple Qualcomm products are vulnerable to input validation errors, and no detailed vulnerability detail...

ZTE ZXHN F670 Command Injection Vulnerability

The ZTE ZXHN F670 is a modem from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE ZXHN F670. An attacker can exploit this vulnerability to execute illegal commands...

Fedora Update for mgetty FEDORA-2019-732b5488c2

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: mgetty-1.2.1-6.fc29

The mgetty package contains a "smart" getty which allows logins over a serial line i.e., through a modem. If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a...

Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs

UPDATE Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction...

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities...

Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-20157)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.The MDM9206 is a central processing unit CPU product.The MDM9607 is a central processing unit CPU product.The SDX24 is a modem.The MDM9206 is a central processing unit CPU product.The MDM9607 is a central processing unit CPU...

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage:...

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage:...

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting

Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492 Exploit Author: ABDO10 Date : July, 11th 2019 Product : Tenda D301 v2 Modem Router version : v2 Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/ Tested on: Linux CVE : 2019-13491 Poc...

Siemens SIMATIC Teleservice Adapter IE Modem 6ES7972-0EM00-0XA0

Binary data 764661.prm...

Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming

Introduction This post will detail how to configure and utilise a LAN turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within a network. With ethernet ports becoming less common on new hardware, many people have been forced into deploying an array of various dongles and...