68 matches found
CVE-2020-0149
In btuhcifmodechangeevt of btuhcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product:...
Improper access control
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software...
CVE-2019-13405
CVE-2019-13405 affects AndroVideo Advan VD-1 firmware v230. The issue is broken access control allowing an unauthenticated POST to cgibin/AdbSetting.cgi to enable ADB, enabling the attacker to take control of the device as a relay or install mining software. The public docs do not provide a patch...
CVE-2019-13405 Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software...
CVE-2019-5625 Eaton Halo Home Android App Insecure Storage
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...
IC3 Issues Alert on IoT Devices
In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center IC3 has issued an alert to individuals and businesses about the security risks involved with the Internet of Things IoT. IoT refers to the emerging network of devices e.g., smart TVs, home automation...
Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)
After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...
Common Firewall Feature Enables TCP Hijacking Attacks
Attackers using a feature that is common to many firewalls, switches and other networking gear could silently hijack Web sessions on mobile and desktop devices, according to a research paper presented by two Ph.D students from the University of Michigan. The two discovered that so-called TCP...