Lucene search
K

70 matches found

Cvelist
Cvelist
added 2019/03/21 3:42 p.m.22 views

CVE-2018-4011

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated...

6.5CVSS7.6AI score0.01323EPSS
Exploits1References1
CVE
CVE
added 2019/03/21 3:42 p.m.56 views

CVE-2018-4011

CUJO Smart Firewall mdnscap (firmware 7003) is affected by CVE-2018-4011: an integer underflow in SRV RDATA parsing during mDNS DNS RR processing leads to out-of-bounds heap access and a crash of the mdnscap process. The flaw arises when rdlength is small (e.g., 0x05) and the code subtracts 6 wit...

7.5CVSS7.5AI score0.01323EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/21 3:30 p.m.54 views

CVE-2018-3985

CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...

9.8CVSS9.7AI score0.01857EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/03/21 3:30 p.m.28 views

CVE-2018-3985

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacke...

8.3CVSS9.8AI score0.01857EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/21 3:26 p.m.32 views

CVE-2018-3969

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...

8.2CVSS7.6AI score0.00501EPSS
Exploits1References1
CVE
CVE
added 2019/03/21 3:26 p.m.67 views

CVE-2018-3969

CVE-2018-3969 affects the CUJO Smart Firewall and describes a verified-boot bypass via embedding shell commands in /config/dhcpd.conf. Cisco Talos reports that an attacker who can write to /config/dhcpd.conf can cause the DHCP server to execute commands at boot, persisting across reboots and firm...

8.2CVSS7.6AI score0.00501EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/21 3:5 p.m.57 views

CVE-2018-4003

The CVE-2018-4003 issue affects CUJO Smart Firewall (firmware 7003) in the mdnscap mDNS parser. A heap-based buffer overflow occurs when parsing string lengths in mDNS resource records, allowing an unauthenticated remote attacker to trigger arbitrary code execution in the mdnscap process; exploit...

9.8CVSS9.8AI score0.01829EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/03/21 3:5 p.m.24 views

CVE-2018-4003

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. ...

8.3CVSS9.9AI score0.01829EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/03/21 12:0 a.m.4 views

PT-2019-10750 · Cujo · Cujo Smart Firewall

Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: The issue is related to an integer underflow vulnerability in the mdnscap binary. It occurs when parsing SRV records in an mDNS packet, where the RDLENGTH value is handled incorrectly. This leads ...

7.5CVSS6.5AI score0.01323EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/03/21 12:0 a.m.7 views

PT-2019-10743 · Cujo · Cujo Smart Firewall

Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: A heap overflow issue exists due to incorrect handling of string lengths when parsing character strings in mDNS resource records. This can lead to arbitrary code execution in the context of the...

9.8CVSS8.7AI score0.01829EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/03/21 12:0 a.m.7 views

PT-2019-10733 · Cujo · Cujo Smart Firewall

Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall affected versions not specified Description: A vulnerability exists in the verified boot protection, allowing a local attacker to add arbitrary shell commands into the dhcpd.conf file. These commands persist across reboots...

8.2CVSS7.7AI score0.00501EPSS
Exploits1References2
CNVD
CNVD
added 2019/03/21 12:0 a.m.2 views

CUJO Smart Firewall Injection Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. An injection vulnerability exists in the configuration of the DHCP daemon in CUJO Smart Firewall using firmware version 7003. An attacker can exploit this vulnerability to execute arbitrary system commands...

9CVSS7.8AI score0.02612EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.3 views

CUJO Smart Firewall Buffer Overflow Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. A buffer overflow vulnerability exists in the CUJO Smart Firewall using firmware version 7003, which stems from the program failing to properly handle the length of a string when parsing a string in an mDNS resource record. An...

9.8CVSS7.8AI score0.01829EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.4 views

CUJO Smart Firewall Integer Overflow Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. An integer overflow vulnerability exists in the mdnscap binary in CUJO Smart Firewalls using firmware version 7003, which stems from the program failing to properly handle the 'RDLENGTH' value when parsing SRV records in mDNS...

7.5CVSS7.1AI score0.01323EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.4 views

CUJO Smart Firewall Code Injection Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. A code injection vulnerability exists in the Safe Browsing feature in the CUJO Smart Firewall using firmware version 7003. An attacker can exploit this vulnerability by sending an HTTP request to execute arbitrary Lua scripts in t...

10CVSS8AI score0.02669EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.3 views

CUJO Smart Firewall Denial of Service Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. A denial of service vulnerability exists in the mdnscap binary in the CUJO Smart Firewall using firmware version 7003, which stems from the program failing to securely handle compressed pointers when parsing labels in mDNS packets...

7.8CVSS6.8AI score0.01569EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.3 views

CUJO Smart Firewall Privilege Permission and Access Control Vulnerability

CUJO Smart Firewall is a home smart firewall device from CUJO USA. A privilege-granting and access-control vulnerability exists in the Authentication Boot Protection feature in the CUJO Smart Firewall using firmware version 7003. A local attacker can exploit this vulnerability by performing a wri...

8.2CVSS7AI score0.00501EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2019/03/19 9:43 p.m.108 views

Host of Flaws Found in CUJO Smart Firewall

Multiple vulnerabilities have been uncovered in the CUJO Smart Firewall, which is a security hardware device aimed at protecting home networks against malware, phishing websites and hacking attempts. CUJO is widely available, including on Amazon where it has racked up 1,000+ customer reviews. The...

10CVSS0.5AI score0.02669EPSS
Exploits4References7
Talos Blog
Talos Blog
added 2019/03/19 8:0 a.m.170 views

Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summary CUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of threats such as malware, phishing websites and hacking attempts. Cisco Talos recently discovered 11...

9.3CVSS1AI score0.02669EPSS
Exploits10
Talos
Talos
added 2019/03/19 12:0 a.m.952 views

CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability

Summary An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap...

9.8CVSS9.3AI score0.01829EPSS
Exploits1
Rows per page
Query Builder