kernel: Mishandling mutex within libsas allowing local Denial of Service
The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code...
NETGEAR WiFi Router R6120 - Credential Disclosure
NETGEAR WiFi Router R6120 - Credential Disclosure Exploit Title: NETGEAR WiFi Router R6120 - Credential Disclosure Date: 2018-10-28 Exploit Author: Wadeek Hardware Version: R6120 Firmware Version: 1.0.0.30 Vendor Homepage: https://www.netgear.com/support/product/R6120.aspx Firmware Link:...
Modbus Slave PLC 7 - .msw Buffer Overflow Exploit
Exploit for the Windows platform in category local exploits Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kağan Çapar Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage: https://www.modbustools.com Tested Version: 7 Tested on OS:...
Cisco device config dumping
Quick guide to recovering configs from Cisco switches and routers. We have recently done work in situations where recovering the Cisco config from one device (e.g. an edge switch) can give us useful information. This includes: VLANs (even VLANs that are not used on that piece of equipment); which...
Huawei cell phone information leakage vulnerability
Anne-AL00 is a smartphone from Huawei. An information disclosure vulnerability exists in the Huawei Anne-AL00 phone. An attacker connecting to the phone via USB can exploit this vulnerability to obtain device-specific information about the phone due to improper privilege settings for specific comman...
CVE-2018-17534
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges...
Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax, the UEFI rootkit is part of a malware...
September 13, 2016 — KB3189866 (OS Builds 14393.187 and 14393.189)
September 13, 2016 — KB3189866 OS Builds 14393.187 and 14393.189 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows Shell, map apps, Internet Explorer 11, and...
Receiver for Linux: How to Redirect COM/Serial Port?
This is a How-To document on COM/Serial Port redirection for Rflinux...
CVE-2017-18347
CVE-2017-18347 affects STMicroelectronics STM32F0 series devices; the root cause is a race condition between full SWD interface initialization and flash protection setup, enabling physically present attackers to extract protected firmware via a specific SWD command sequence on Level 1 RDP. The co...
CVE-2017-18347
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD...
Schneider Electric Serial Modbus Driver Buffer Overflow
OVERVIEW Carsten Eiram of Risk-Based Security has identified a stack-based buffer overflow vulnerability in Schneider Electric’s Serial Modbus Driver that affects 11 Schneider Electric products. Schneider Electric has produced patches that mitigate this vulnerability. This vulnerability can be...
DNP3 Implementation Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, reported an improper input...
CVE-2018-7938
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...
Linux kernel elevation of privilege vulnerability (CNVD-2018-19417)
Linux kernel is the kernel of Linux, the open source operating system released by the Linux Foundation in the United States. An elevation of privilege vulnerability exists in the yurex_read function in drivers/usb/misc/yurex.c in versions of the Linux kernel prior to 4.17.7, which can be exploite...
OpenSC Buffer Overflow Vulnerability (CNVD-2019-28622)
OpenSC is an open source smart card tool and middleware. A buffer overflow vulnerability exists in the 'cac_get_serial_nr_from_CUID' function in the libopensc/card-cac.c file in versions prior to OpenSC 0.19.0-rc1. An attacker could use this vulnerability to cause a denial of service (application crash)...
UBUNTU-CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
Huawei P10 Information Disclosure Vulnerability
Huawei P10 is a smartphone product of the Chinese company Huawei. An information leakage security vulnerability exists in the Huawei P10 phone due to a lack of permission checking. An attacker could induce users to install a malicious application, which could read certain hardware serial number...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei smartphones have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak...
CVE-2018-14786
Becton, Dickinson and Company BD Alaris Plus medical syringe pumps models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provabl...