286 matches found
Samsung SMR Security Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which stems from a lack of replay attack protection in the GUTI REALLOCATION COMMAND message...
A vulnerability in the firmware of OnCell G3470A-LTE Series and WDR-3124A Series industrial modems and of TAP-323 Series, WAC-1001 Series, and WAC-2004 Series Wi-Fi routers lies in the use of hard-coded account data, which allows attackers to escalate their privileges.
A vulnerability in the firmware of OnCell G3470A-LTE Series and WDR-3124A Series industrial modems and of TAP-323 Series, WAC-1001 Series, and WAC-2004 Series Wi-Fi routers is related to the use of hard-coded login credentials. Exploiting this...
A vulnerability in the firmware of OnCell G3470A-LTE Series and WDR-3124A Series industrial modems, as well as of TAP-323 Series, WAC-1001 Series, and WAC-2004 Series Wi-Fi routers, arises from the use of non-unique X.509 certificates and host SSH keys. This vulnerability allows attackers to escalate their privileges.
Vulnerabilities in the firmware of OnCell G3470A-LTE Series and WDR-3124A Series industrial modems and of TAP-323 Series, WAC-1001 Series, and WAC-2004 Series Wi-Fi routers are related to the use of non-unique X.509 certificates and host SSH keys...
Updated kernel packages fix security issues and possible filesystem corruption
This kernel update is based on upstream 5.10.20 and fixes at least the following security issues: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw...
Cross-Site Scripting Vulnerability in Multiple Netgear Products
NETGEAR WNR1000V4 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR JR6150 is a wireless router. NETGEAR R6220 is a wireless router. NETGEAR R6020 is a router. NETGEAR R6050 is a router. NETGEAR R6080 is a...
Cross-Site Scripting Vulnerability in Multiple Netgear Products
NETGEAR WNR1000V4 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR D7000 is a wireless modem. Certain NETGEAR devices are affected by a cross-site scripting vulnerability in the following products and versions: D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before...
Cross-Site Scripting Vulnerability in Multiple Netgear Products
NETGEAR WNR1000V4 is a wireless router. NETGEAR D6200 is a wireless modem. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR JR6150 is a wireless router. NETGEAR R6220 is a wireless router. NETGEAR R6020 is a router. NETGEAR R6050 is a router. NETGEAR R6080 is a...
ZTE ZXHN F670 and ZTE ZXHN H108N Input Validation Error Vulnerability
The ZTE ZXHN F670 and the ZTE ZXHN H108N are both modems from China's ZTE Corporation (ZTE). An input validation error vulnerability exists in some of the ZTE devices, which stems from the fact that these devices support configuration of static prefixes via a web management page. It is possible to...
[SECURITY] Fedora 32 Update: hylafax+-7.0.3-1.fc32
HylaFAX(tm) is an enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...
NETGEAR D3600 and D6000 Input Validation Error Vulnerability
The NETGEAR D3600 and NETGEAR D6000 are both wireless modems from NETGEAR. A security vulnerability exists in the NETGEAR D3600 prior to version 1.0.0.76 and the D6000 prior to version 1.0.0.76, which stems from a misconfiguration of security settings. No details of the vulnerability are availab...
Injection Vulnerability in Multiple NETGEAR Products (CNVD-2020-30689)
NETGEAR R6250 and others are products of NETGEAR USA. NETGEAR R6250 is a wireless router. NETGEAR D6400 is a wireless modem. NETGEAR D6220 is a wireless modem. An injection vulnerability exists in a number of NETGEAR products. The vulnerability stems from a lack of proper validation of user input da...
Point-to-Point Protocol Daemon Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take control of an affected system. Point-to-Point Protocol Daemon is used to establish...
'Cable Haunt' Bug Plagues Millions of Home Modems
UPDATED Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture that would allow an attacker full remote control of the device. The footprint for the affected devices numbers in the hundreds of millions worldwide...
Multiple vendor based Broadcom cable modems buffer overflow vulnerability
Sagemcom F@st 5260, Sagemcom F@st 3890, etc. are routers. Technicolor TC7230 STEB is a wireless router. A buffer overflow vulnerability exists in Broadcom-based cable modems from multiple vendors. A remote attacker could execute arbitrary code in the kernel via JavaScript running in the victim's...
BSA-2020-896
Security Advisory ID: BSA-2020-896 Component: spectrum analyzer Revision: 1.0: Final A group of security researchers has released a vulnerability named Cable Haunt. According to the researchers, Cable Haunt was found in Broadcom cable modems and affects various manufacturers across the world. Mo...
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...
Buffer overflow
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...
CVE-2019-19494
CVE-2019-19494 describes a buffer overflow in Broadcom-based cable modems that enables remote code execution at the kernel level via JavaScript in a victim’s browser. Affected devices include Sagemcom F@st 3890 (before 50.10.21_T4; before 05.76.6.3f), Sagemcom F@st 3686 (3.428.0; 4.83.0), NETGEAR...
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...