33 matches found
EUVD-2014-5813
Malware in sbrugna...
EUVD-2018-17169
Malware in sbrugna...
CVE-2020-5551
Toyota 2017 Model Year DCU Display Control Unit allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus LC, LS, NX, RC, RC F, TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the...
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime
Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors...
GSD-2023-1001307 drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsldcudrmconnectormodevalid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1000964 drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsldcudrmconnectormodevalid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
PT-2023-34041 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue concerns a function fsl dcu drm connector mode valid with an incorrect return type. The actual impact and potential for attack have not been proven. Recommendations: For Linux...
blog.dcu.ac.kr Cross Site Scripting vulnerability OBB-2892003
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-5551
Toyota 2017 Model Year DCU Display Control Unit allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus LC, LS, NX, RC, RC F, TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the...
Design/Logic Flaw
Toyota 2017 Model Year DCU Display Control Unit allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus LC, LS, NX, RC, RC F, TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the...
CVE-2020-5551
The CVE-2020-5551 entry describes a vulnerability in Toyota 2017 Model Year DCU (Display Control Unit) exposed in Lexus (LC, LS, NX, RC, RC F), Toyota Camry, and Toyota Sienna (regions outside Japan) built Oct 2016–Oct 2019. An unauthenticated attacker within Bluetooth range can trigger a DoS or ...
Input validation
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
CVE-2019-11536
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
CVE-2019-11536
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
CVE-2019-11536
Summary (CVE-2019-11536) Kalkitech SYNC3000 Substation DCU GPC versions 2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1 are affected when WebHMI is not installed. The issue allows an attacker to inject client-side commands or scripts that are executed on the de...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...
CVE-2018-5400
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...