CVE-2024-23937

CVE-2024-23937 – Silicon Labs Gecko OS : The exposed issue lies in the debug interface of Gecko OS, where a user-supplied string is used as a format specifier without proper validation. This enables network-adjacent attackers to disclose sensitive information and, in combination with other vulner...

CVE-2024-23937 Silicon Labs Gecko OS Debug Interface Format String

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...

Silicon Labs Gecko OS 安全漏洞

Silicon Labs Gecko OS is a highly optimized and feature-rich operating system for the Internet of Things from Silicon Labs, USA. A security vulnerability exists in Silicon Labs Gecko OS that stems from a missing debug interface format string validation...

AZL-56276 CVE-2024-47143 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock: CPU0 CPU1 CPU2 dmafreeatt...

DEBIAN-CVE-2024-56683

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code disabling the dvp...

CVE-2024-23938

Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. T...

CVE-2024-23938 Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability

Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. T...

CVE-2024-23938

The CVE-2024-23938 entry describes a stack-based buffer overflow in the Silicon Labs Gecko OS Debug Interface that allows remote code execution by network-adjacent attackers without authentication. The root cause is improper validation of the length of user-supplied data prior to copying it into ...

PT-2024-20190 · Silicon · Gecko Os

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this issue...

(Pwn2Own) Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper...

PT-2024-20189 · Silicon · Gecko Os

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko OS affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific fl...

Helpful tools to get started in IoT Assessments

The Internet of Things IoT can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start. Having performed dozens of IoT assessments, I felt it would be beneficial to compile a basic list of items that are...

CVE-2024-4760

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set...

CVE-2024-4760 Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set...

CVE-2024-4760

The CVE-2024-4760 issue relates to a voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers that allows access to the memory bus via the debug interface even when the security bit is set. Technical de...

Microchip SAM 安全漏洞

Microchip SAM is a family of microprocessors and microcontrollers from Microchip Technology USA. A security vulnerability exists in the Microchip SAM family of products, which arises from a voltage spike during controller startup that allows access to the memory bus through the debug interface...

Cisco IP Phones 8800 Series Command Injection Vulnerability in Debug Shell (CVE-2017-12305)

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

CVE-2023-32666

On-chip debug and test interface with improper access control in some 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2023-50124

Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner...

CVE-2023-50124

Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner...