Crestron Multiple Products CTP Console DELETE Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DELETE command of the CTP console. The issue results from the la...

Crestron Multiple Products CTP Console WIFIWEPPASSWORD Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFIWEPPASSWORD command of the CTP console. The issue results fr...

Crestron Multiple Products CTP Console WIFIPSKPASSWORD Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WIFIPSKPASSWORD command of the CTP console. The issue results fr...

Crestron Multiple Products CTP Console UDIR Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UDIR command of the CTP console. The issue results from the lack...

Crestron Multiple Products CTP Console MAKEDIR Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MAKEDIR command of the CTP console. The issue results from the...

Crestron Multiple Products CTP Console ADDUSER Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack ...

Crestron Multiple Products CTP Console COPYFILE Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the COPYFILE command of the CTP console. The issue results from the...

Back That App Up: Gaining Root on the Lenovo Vibe

In May of 2016, Mandiant’s Red Team discovered a series of vulnerabilities present on Lenovo’s Vibe P1 Android-based mobile device that allow local privilege escalation to the user “root”. Mandiant disclosed these vulnerabilities to Lenovo in May of 2016. Lenovo advised Mandiant that it should wo...

Samsung Fimg2d Local Competition Condition Vulnerability

Samsung Fimg2d is an Android-based 2D gas pedal product. Samsung Fimg2d suffers from a local competitive condition vulnerability that allows local attackers to exploit the vulnerability to elevate privileges...

Qolsys IQ Panel Using Hardcoded Encryption Keys Vulnerability

Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1. A remote attacker can exploit the vulnerability to create a digital signature for code by cleverly constructing...

Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities

The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor: /system/root/.ssh cat authorizedkeys Public key portion is: ssh-rsa...

Google Brillo OS — New Android-based OS for Internet of Things

Internet of Things is the future, and every big tech companies are trying to become an integral part of this upcoming trend. Keeping this in mind, Google is developing an operating system for connecting all devices via the Internet. Google is expected to launch a new Android-based operating syste...

Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Cius Denial of Service Vulnerability Advisory ID: cisco-sa-20120229-cius Revision 1.0 For Public Release 2012 February 29 16:00 UTC GMT +-------------------------------------------------------------------- Summary...