168 matches found
CVE-2021-30298
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...
CVE-2020-9063
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
Hardcoded credentials
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
CVE-2020-12024
CVE-2020-12024 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4, 1.5). Root cause: inadequate restriction of USB interface access by unauthorized users with physical access, enabling loading of unauthorized payloads or direct hard driv...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
Turning an OBD-II reader into a USB / NFC attack tool
One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...
CVE-2019-19526
A use-after-free flaw was found in the pn533usbprobe USB interface in the Linux kernel. If the driver registration fails it needs to do all the cleanup activity and free all the related resources. A malicious USB device can cause this process to fail, causing a use-after-free vulnerability. Syste...
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines, which allows a perpetrator to cause a service failure.
The vulnerability of the built-in software of the “Granit-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to trigger a service failure by sending a specially crafted SMS command e.g., BB+GP=vuln%x when connecting to th...
Rockwell Automation 1784-U2CN USB Interface Communication Adapter
Binary data 752990.prm...
Rockwell Automation 1784-U2DN USB Interface Communication Adapter
Binary data 752991.prm...
CVE-2018-7924
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
Design/Logic Flaw
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
CVE-2018-7924
CVE-2018-7924 affects Huawei Anne-AL00 phones with versions earlier than 8.0.0.151(C00). The issue is an information leak caused by improper permission settings for certain USB commands, enabling an attacker with physical access to connect via USB and obtain specific device information. Connected...
CVE-2018-7924
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei phones have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. Vulnerability ID:...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Tegra_Bootrom_Rcm
This is a proof-of-concept arbitrary code loader for Tegra processors, which takes advantage of CVE-2018-6242 "Fusée Gelée" to gain arbitrary code execution and load small payloads over USB. The vulnerability is documented in the 'report' subfolder, and more details and guides are to follow. The...
The vulnerability of the Android operating system from the CAF repository, related to insufficient checking of the USB interface during loading, allows a hacker to execute arbitrary code.
The vulnerability of the Android operating system from the CAF repository arises from the execution of an operation outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, due to insufficient protection of the USB interface during...
Input validation
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot...
CVE-2014-9981
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot...