70 matches found
CVE-2018-4011
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated...
CVE-2018-4011
CUJO Smart Firewall mdnscap (firmware 7003) is affected by CVE-2018-4011: an integer underflow in SRV RDATA parsing during mDNS DNS RR processing leads to out-of-bounds heap access and a crash of the mdnscap process. The flaw arises when rdlength is small (e.g., 0x05) and the code subtracts 6 wit...
CVE-2018-3985
CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...
CVE-2018-3985
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacke...
CVE-2018-3969
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...
CVE-2018-3969
CVE-2018-3969 affects the CUJO Smart Firewall and describes a verified-boot bypass via embedding shell commands in /config/dhcpd.conf. Cisco Talos reports that an attacker who can write to /config/dhcpd.conf can cause the DHCP server to execute commands at boot, persisting across reboots and firm...
CVE-2018-4003
The CVE-2018-4003 issue affects CUJO Smart Firewall (firmware 7003) in the mdnscap mDNS parser. A heap-based buffer overflow occurs when parsing string lengths in mDNS resource records, allowing an unauthenticated remote attacker to trigger arbitrary code execution in the mdnscap process; exploit...
CVE-2018-4003
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. ...
PT-2019-10750 · Cujo · Cujo Smart Firewall
Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: The issue is related to an integer underflow vulnerability in the mdnscap binary. It occurs when parsing SRV records in an mDNS packet, where the RDLENGTH value is handled incorrectly. This leads ...
PT-2019-10743 · Cujo · Cujo Smart Firewall
Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: A heap overflow issue exists due to incorrect handling of string lengths when parsing character strings in mDNS resource records. This can lead to arbitrary code execution in the context of the...
PT-2019-10733 · Cujo · Cujo Smart Firewall
Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall affected versions not specified Description: A vulnerability exists in the verified boot protection, allowing a local attacker to add arbitrary shell commands into the dhcpd.conf file. These commands persist across reboots...
CUJO Smart Firewall Injection Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. An injection vulnerability exists in the configuration of the DHCP daemon in CUJO Smart Firewall using firmware version 7003. An attacker can exploit this vulnerability to execute arbitrary system commands...
CUJO Smart Firewall Buffer Overflow Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. A buffer overflow vulnerability exists in the CUJO Smart Firewall using firmware version 7003, which stems from the program failing to properly handle the length of a string when parsing a string in an mDNS resource record. An...
CUJO Smart Firewall Integer Overflow Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. An integer overflow vulnerability exists in the mdnscap binary in CUJO Smart Firewalls using firmware version 7003, which stems from the program failing to properly handle the 'RDLENGTH' value when parsing SRV records in mDNS...
CUJO Smart Firewall Code Injection Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. A code injection vulnerability exists in the Safe Browsing feature in the CUJO Smart Firewall using firmware version 7003. An attacker can exploit this vulnerability by sending an HTTP request to execute arbitrary Lua scripts in t...
CUJO Smart Firewall Denial of Service Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. A denial of service vulnerability exists in the mdnscap binary in the CUJO Smart Firewall using firmware version 7003, which stems from the program failing to securely handle compressed pointers when parsing labels in mDNS packets...
CUJO Smart Firewall Privilege Permission and Access Control Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. A privilege-granting and access-control vulnerability exists in the Authentication Boot Protection feature in the CUJO Smart Firewall using firmware version 7003. A local attacker can exploit this vulnerability by performing a wri...
Host of Flaws Found in CUJO Smart Firewall
Multiple vulnerabilities have been uncovered in the CUJO Smart Firewall, which is a security hardware device aimed at protecting home networks against malware, phishing websites and hacking attempts. CUJO is widely available, including on Amazon where it has racked up 1,000+ customer reviews. The...
Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summary CUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of threats such as malware, phishing websites and hacking attempts. Cisco Talos recently discovered 11...
CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap...