Lucene search
250 matches found

Pen Test Partners Blog
added 2020/08/18 8:00 a.m., 14 views

Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”

This post is a companion to the DEF CON 28 video available here: Breaking the Firmware of Samsung’s NFC Chips. Recently I have been looking into how to push the capabilities of my old smartphones beyond what you could traditionally do just by rooting them. Smartphones contain huge amounts of hardware...

7.7 AI score
Exploits: 0
CNVD
added 2020/05/19 12:00 a.m., 3 views

Vulnerability in Trust Management Issues in Multiple NETGEAR Products (CNVD-2020-33660)

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are wireless WiFi devices from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi A trust management...

8.8 CVSS, 7.5 AI score, 0.00747 EPSS
Exploits: 1, References: 1
Prion
added 2020/05/18 4:15 p.m., 17 views

Remote code execution

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting...

8.3 CVSS, 9.1 AI score, 0.00747 EPSS
Exploits: 2, References: 3, Affected Software: 3
CNVD
added 2020/01/10 12:00 a.m., 1 view

Information Disclosure Vulnerability in PEMS-6806AD/T

PEMS-6806AD/T is independently developed by Shijiazhuang Hejia Technology Co., Ltd., uses a high-performance 32-bit ARM processor, is based on an embedded Linux platform, and combines data acquisition, processing, storage, querying, event alarm, control and network communications in one as a new generation...

6.3 AI score
Exploits: 0
OpenVAS
added 2020/01/09 12:00 a.m., 6 views

Fedora Update for libell FEDORA-2019-17419b24a3

The remote host is missing an update for the...

7.5 AI score
Exploits: 0, References: 2
OSV
added 2019/12/16 5:15 p.m., 3 views

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password...

6.8 CVSS, 6.7 AI score, 0.00082 EPSS
Exploits: 0, References: 6
NVD
added 2019/12/16 5:15 p.m., 10 views

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password...

7.2 CVSS, 6.7 AI score, 0.00082 EPSS
Exploits: 0, References: 6
Prion
added 2019/12/16 5:15 p.m., 13 views

Design/Logic Flaw

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password...

7.2 CVSS, 6.8 AI score, 0.00082 EPSS
Exploits: 0, References: 6, Affected Software: 4
Cvelist
added 2019/12/16 4:17 p.m., 12 views

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password...

6.8 AI score, 0.00082 EPSS
Exploits: 0, References: 6
Fedora
added 2019/11/13 10:07 a.m., 11 views

[SECURITY] Fedora 31 Update: libell-0.26-1.fc31

The Embedded Linux Library ELL provides core, low-level functionality for system daemons. It typically has no dependencies other than the Linux kernel, C standard library, and libdl for dynamic linking. While ELL is designed to be efficient and compact enough for use on embedded Linux platforms,...

1.9 AI score
Exploits: 0
Packet Storm
added 2019/09/09 12:00 a.m., 539 views

Dabman And Imperial Web Radio Devices Undocumented Telnet Backdoor

Document Title: Dabman & Imperial i&d Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2183 Video: https://www.vulnerability-lab.com/getcontent.php?id=2190...

0.9 AI score, 0.01301 EPSS
Exploits: 6
Packet Storm
added 2019/09/09 12:00 a.m., 198 views

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

!/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 7brid DVR HD3-16V2, DX3-16V2/08V2/04V...

Exploits: 0
0day.today
added 2019/09/09 12:00 a.m., 57 views

Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure Vulnerability

Exploit for cgi platform in category web applications !/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504,...

7.4 AI score
Exploits: 0
CNVD
added 2019/09/06 12:00 a.m., 1 view

Pengutronix Barebox Buffer Overflow Vulnerability (CNVD-2019-35034)

Pengutronix barebox is a bootloader used in embedded Linux systems. Pengutronix Barebox suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause, among other things, a buffer overflow or heap overflow...

9.8 CVSS, 7.5 AI score, 0.00756 EPSS
Exploits: 0, References: 1
Pen Test Partners Blog
added 2019/08/10 9:05 a.m., 346 views

Reverse Engineering 4G Hotspots for fun, bugs and net financial loss

a.k.a. 4G hotspots and their Discontents. You might be here because you saw our talk at Defcon 27. You might want to watch that for the full rundown! TL;DR: We found multiple vulnerabilities in several well-known vendors' Mi-Fi devices, including pre- and post-auth command injection and code executi...

10 CVSS, 10.3 AI score, 0.08886 EPSS
Exploits: 3
Packet Storm
added 2019/05/03 12:00 a.m., 78 views

Blue Angel Software Suite Command Execution

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...

7.4 AI score
Exploits: 0
BDU FSTEC
added 2019/04/30 12:00 a.m., 4 views

The vulnerability of the microprogramming software of Cisco Aironet Series Access Points allows an intruder to gain access to the embedded operating system.

The vulnerability of the microprogramming software in Cisco Aironet Series Access Points involves access control deficiencies. Exploiting this vulnerability could allow an attacker to gain root access to the embedded Linux operating system...

7.8 CVSS, 7.2 AI score, 0.00205 EPSS
Exploits: 0, References: 3, Affected Software: 1
exploitpack
added 2018/11/14 12:00 a.m., 41 views

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities ''' KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL:...

9 CVSS, 0.2 AI score, 0.36653 EPSS
Exploits: 7
0day.today
added 2018/11/07 12:00 a.m., 310 views

Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation Exploit

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account. Dell OpenManage Network...

9 CVSS, 1.1 AI score, 0.36653 EPSS
Exploits: 7
KoreLogic Security
added 2018/11/05 12:00 a.m., 15 views

Dell OpenManage Network Manager Multiple Vulnerabilities

Vulnerability Details Affected Vendor: Dell Affected Product: OpenManage Network Manager Affected Version: 6.2.0.51 SP3 Platform: Embedded Linux CWE Classification: CWE-285: Improper Authorization, CWE-284: Improper Access Control Impact: Privilege Escalation Attack vector: MySQL, HTTP CVE ID:...

9 CVSS, 8.2 AI score, 0.36653 EPSS
Exploits: 7, Affected Software: 1