8091 matches found

CNVD
added 2020/03/26 12:0 a.m. · 4 views

TP-Link Archer Code Execution Vulnerability

The TP-Link Archer A7 AC1750 is a wireless router from China P&L TP-Link. A security vulnerability exists in the tdpServer service in the TP-Link Archer A7 using firmware version 190726 AC1750, which stems from the program's use of hard-coded encryption keys. An attacker could exploit the...

8.8 CVSS · 7.4 AI score · 0.19475 EPSS
Exploits 5
NVD
added 2020/03/25 9:15 p.m. · 15 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.8 CVSS · 8.3 AI score · 0.19475 EPSS
Exploits 5 · References 2
CVE
added 2020/03/25 7:15 p.m. · 138 views

CVE-2020-10884

This CVE concerns TP-Link Archer A7 AC1750 routers running firmware 190726. Affected component is the tdpServer daemon, which listens on UDP port 20002; the issue stems from a hard-coded encryption key, enabling network-adjacent attackers to execute arbitrary code with root privileges in vulnerab...

8.8 CVSS · 8.8 AI score · 0.19475 EPSS
Exploits 5 · References 2 · Affected Software 1
Cvelist
added 2020/03/25 7:15 p.m. · 18 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.1 CVSS · 8.7 AI score · 0.19475 EPSS
Exploits 5 · References 2
Positive Technologies
added 2020/03/25 12:0 a.m. · 4 views

PT-2020-2707 · Istio · Kiali

Name of the Vulnerable Software and Affected Versions: Kiali versions prior to 1.15.1 Description: The issue is related to a hard-coded cryptographic key in the default configuration file of Kiali, which is part of the Istio service mesh. This flaw can be exploited by a remote attacker to create...

9.7 CVSS · 6.8 AI score · 0.06053 EPSS
Exploits 2 · References 18
Zero Day Initiative
added 2020/03/25 12:0 a.m. · 54 views

(Pwn2Own) TP-Link Archer A7 tdpServer Use of Hard-coded Cryptographic Key Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by defaul...

8.1 CVSS · 4.2 AI score · 0.19475 EPSS
Exploits 5
OSV
added 2020/03/24 9:15 p.m. · 0 views

CVE-2020-6979

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
CVE
added 2020/03/24 8:21 p.m. · 45 views

CVE-2020-6979

CVE-2020-6979 affects Moxa EDS-G516E (and EDS-510E per advisories) with firmware version 5.2 or lower, where a hard-coded cryptographic key is used, increasing the risk that confidential data can be recovered. Affected components are the cryptographic handling paths implementing the hard-coded ke...

7.5 CVSS · 7.5 AI score · 0.00375 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2020/03/24 8:15 p.m. · 2 views

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

9.8 CVSS · 7.4 AI score
Exploits 0 · References 1
NVD
added 2020/03/24 8:15 p.m. · 14 views

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

10 CVSS · 9.7 AI score · 0.00402 EPSS
Exploits 0 · References 1
OSV
added 2020/03/24 7:15 p.m. · 2 views

CVE-2020-6983

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered...

7.5 CVSS · 7.1 AI score · 0.00375 EPSS
Exploits 0 · References 1
CVE
added 2020/03/24 7:11 p.m. · 50 views

CVE-2020-6985

CVE-2020-6985 affects Moxa PT-7528 and PT-7828 Ethernet switches: firmware versions PT-7528 ≤ 4.0 and PT-7828 ≤ 3.9 expose a hard-coded service code for console access. The Red Hat and NVD entries, plus the ICS advisory, confirm a remote-exploitation risk with high-impact vectors (remote, no user...

10 CVSS · 9.4 AI score · 0.00402 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/03/24 7:11 p.m. · 21 views

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

9.7 AI score · 0.00402 EPSS
Exploits 0 · References 1
Cvelist
added 2020/03/24 6:57 p.m. · 15 views

CVE-2020-6983

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered...

7.5 AI score · 0.00375 EPSS
Exploits 0 · References 1
OSV
added 2020/03/23 9:15 p.m. · 0 views

CVE-2020-8868

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...

9.8 CVSS · 7.6 AI score
Exploits 0 · References 2
ThreatPost
added 2020/03/23 8:35 p.m. · 71 views

Hackers Actively Exploit 0-Day in CCTV Camera Hardware

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...

0.5 AI score
Exploits 0 · References 6
Cvelist
added 2020/03/23 8:15 p.m. · 15 views

CVE-2020-8868

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...

9.8 CVSS · 9.8 AI score · 0.25682 EPSS
Exploits 0 · References 2
The Hacker News
added 2020/03/21 8:36 a.m. · 86 views

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo...

0.3 AI score
Exploits 0
CNVD
added 2020/03/18 12:0 a.m. · 1 view

Containous Traefik Trust Management Issues Vulnerability

Containous Traefik is a reverse proxy and load balancer from Containous USA. A trust management issue vulnerability exists in Containous Traefik version 2.x prior to 2.1.4 and TraefikEE version 2.0.0. The vulnerability stems from the lack of an effective trust management mechanism in a networked...

7.5 CVSS · 6.9 AI score · 0.00155 EPSS
Exploits 0 · References 1
CNVD
added 2020/03/17 12:0 a.m. · 2 views

Citrix Systems SD-WAN Trust Management Issue Vulnerability

Citrix Systems SD-WAN is a suite of software-defined WAN solutions from Citrix Systems USA. A vulnerability with trust management issues exists in Citrix Systems SD-WAN versions 10.2.x prior to 10.2.6 and 11.0.x prior to 11.0.3. The vulnerability stems from the lack of an effective trust manageme...

5.9 CVSS · 6.9 AI score · 0.00144 EPSS
Exploits 0 · References 1