Buffer overflow

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Design/Logic Flaw

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2021-1925

Possible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2021-1915

CVE-2021-1915 is a documented buffer overflow vulnerability arising from improper validation of the NDP application information length in Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/CE/IoT/Industrial IoT/Mobile/Voice & Music/WIN). The initial entry states a buffer overflow risk witho...

CVE-2021-1925

CVE-2021-1925 is a DoS vulnerability tied to Qualcomm Snapdragon closed‑source components. The root cause, per the available documents, is improper handling of the Group Management Operations Framework in various Snapdragon lines (Auto, Compute, Connectivity, CE Connectivity, IoT, Industrial IoT,...

Phishing Attacks Spawn Three New Malware Strains

Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team. On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains...

Delta Electronics CNCSoft ScreenEditor 缓冲区错误漏洞

Delta Electronics CNCSoft ScreenEditor is a CNC machine tool simulation system software from Delta Electronics Taiwan, China. A buffer error vulnerability exists in CNCSoft ScreenEditor versions prior to 1.01.28, which is caused by a boundary error when processing untrustworthy input...

Delta Electronics CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device, and an out-of-bounds write...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Hardcoded credentials

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

Server side request forgery (ssrf)

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVE-2020-22002

CVE-2020-22002 – Inim Electronics SmartLiving SmartLAN/G/SI (<=6.x) suffers an unauthenticated SSRF in GetImage where the application uses user-supplied GET parameter host to construct an image request via onvif.cgi without validating the value. The root cause is lack of input validation on ho...

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...

CVE-2020-21995

CVE-2020-21995 affects INIM Electronics SmartLiving SmartLAN/G/SI devices (affected <= 6.x). Root cause is hard-coded credentials embedded in the Linux distribution image, enabling an attacker to access Telnet, SSH, and FTP. Affected models include SmartLiving 505, 515, 1050/1050/G3, 10100L/10...

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI <= 6.x (ARM, 32-bit) contains an authenticated remote command injection vulnerability. The issue arises because the par POST parameter is not sanitized when the testemail module is invoked via web.cgi; the vulnerable binary uses system() to run sh to ...