50 matches found
EUVD-2019-14766
Malware in sbrugna...
EUVD-2019-14761
Malware in sbrugna...
EUVD-2019-14762
Malware in sbrugna...
EUVD-2019-14765
Malware in sbrugna...
EUVD-2019-14760
Malware in sbrugna...
CVE-2019-5160
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized...
CVE-2019-5161
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges...
CVE-2019-5155
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.0214, version...
Turing Video Turing Edge+ EVC5FD Security Vulnerability
Turing Video Turing Edge+ EVC5FD is a high-performance cloud camera application from Turing Video. A security vulnerability exists in Turing Video Turing Edge+ EVC5FD v.1.38.6. A remote attacker could exploit the vulnerability to execute arbitrary code and obtain sensitive information via the clo...
Wago PFC200 Cloud Connectivity TimeoutUnconfirmed Command Injection (CVE-2019-5157)
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. This plug...
Wago PFC200 Cloud Connectivity Improper Host Validation (CVE-2019-5160)
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized...
Wago PFC200 Cloud Connectivity Multiple Command Injection (CVE-2019-5155)
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.0214, version...
Wago PFC200 Cloud Connectivity Remote Code Execution (CVE-2019-5161)
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Th...
Wago PFC200 Cloud Connectivity TimeoutPrepared Command Injection (CVE-2019-5156)
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. This...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1378 Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability November 29, 2021 CVE Number CVE-2021-21950, CVE-2021-21951 SUMMARY An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST...
Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability
Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of...
Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1380 Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21953 SUMMARY An authentication bypass vulnerability exists in the process_msg function of the home_security binary of Anker Eufy Homeba...
Vulnerability Spotlight: A deep dive into WAGO’s cloud connectivity and the vulnerabilities that arise
Report and research by Kelly Leuschner. WAGO makes several programmable automation controllers that are used in many industries including automotive, rail, power engineering, manufacturing and building management. Cisco Talos discovered 41 vulnerabilities in their PFC200 and PFC100 controllers. I...
What's New in Edge Delivery
Welcome to day two of the Akamai Platform Update! Today, we're focusing on Akamai's edge delivery products as well as other complementary products that help drive great digital experiences. The last several months have been nothing short of unprecedented as lockdowns, quarantines, and other...
WAGO PFC200 Operating System Command Injection Vulnerability
The WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO. An operating system command injection vulnerability exists in the cloud connectivity feature of the WAGO PFC 200 with firmware versions 03.02.0214, 03.01.0713, and 03.00.3912, where an attacker can execute illeg...