Privilege escalation

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs packa...

Privilege escalation

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the mxsldr...

Privilege escalation

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs-util...

CVE-2023-45842

CVE-2023-45842 affects Buildroot 2023.08.1 and the dev commit 622698d7847, where data-integrity vulnerabilities in the package hash checking enable a MITM attacker to substitute compromised sources for Buildroot packages. The Talos advisory TALOS-2023-1844 documents multiple related CVEs (includi...

CVE-2023-45842

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the mxsldr...

CVE-2023-45839

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs-util...

CVE-2023-45840

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the...

CVE-2023-45841

CVE-2023-45841: Cisco Talos and Red Hat notes describe data integrity vulnerabilities in Buildroot’s package hash checking for Buildroot 2023.08.1 and the dev commit 622698d7847, enabling a MITM attacker to substitute package sources and cause arbitrary code execution during the build, with the i...

CVE-2023-43608

CVE-2023-43608 affects Buildroot 2023.08.1 and the dev commit 622698d7847, exposing BR_NO_CHECK_HASH_FOR to MITM manipulation. A crafted attack could substitute package sources and lead to arbitrary command execution in the builder, with potential tampering of generated build outputs. Talos summa...

CVE-2023-45839

CVE-2023-45839 concerns Buildroot (2023.08.1 and dev commit 622698d7847) with multiple data-integrity vulnerabilities in the package hash checking, related to aufs-util. Talos confirms Buildroot is susceptible to MITM-based tampering of downloaded sources (no hash/check for certain packages), ena...

CVE-2023-43608

A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder...

CVE-2023-45838

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs packa...

CVE-2023-45838

Buildroot CVE-2023-45838 affects the package hash checking for Buildroot 2023.08.1 and dev commit 622698d7847 (aufs-related). TALOS confirms multiple data integrity vulnerabilities enabling a MITM to provide compromised sources, potentially allowing arbitrary command execution in the builder. Key...

TOTOLINK X6000R sub_415534 function command execution vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the sub415534 function failing to properly filter construct command special characters, commands, etc. An attacker can exploit this...

TOTOLINK X6000R hostName Parameter Command Execution Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the switchOpMode component's hostName parameter failing to correctly filter constructed command special characters, commands, and so on. ...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1. An attacker can exploit this vulnerabilit...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

D-Link Go-RT-AC750 Command Injection Vulnerability

The D-Link GO-RT-AC750 is a wireless dual-band simple router from China's AUO D-Link. A command injection vulnerability exists in the D-Link Go-RT-AC750 revAv101b03 version, which stems from the service parameter of hedwig.cgi failing to correctly filter the construct command special characters,...

Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1845 Buildroot BRNOCHECKHASHFOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...

CVE-2023-24046

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...