251 matches found
Uclibc-ng Denial of Service Vulnerability
Uclibc-ng is a C library for developing embedded Linux systems. A denial of service vulnerability exists in Uclibc-ng. An attacker can exploit this vulnerability to cause a denial of service...
Arris DG1670A Cable Modem Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution Title: Arris DG1670A Cable Modem Remote Command Execution Advisory ID: KL-001-2016-001 Publication Date: 2016.02.12 Publication URL:...
ziggystartux
ziggystartux A Kaiten rewrite, with much new functionality, an...
Arris DG1670A Cable Modem Remote Command Execution
Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...
Seagate GoFlex Satellite Remote Telnet Default Password Vulnerability
Seagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled. Title: Seagate GoFlex Satellite Remote Telnet Default Password Publication URL:...
Seagate GoFlex Satellite Remote Telnet Default Password
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password Title: Seagate GoFlex Satellite Remote Telnet Default Password Advisory ID: KL-001-2015-007 Publication Date: 2015.12.18 Publication URL:...
Linksys EA6100 Wireless Router Authentication Bypass
Vulnerability Details Affected Vendor: Linksys Affected Product: EA6100 - EA6300 Wireless Router Affected Version: 1.1.5 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel Impact: Remote Administration Attack vector: HTTP CVE-ID: 2...
Cradlepoint MBR 1200 / 1400 Local File Inclusion
Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...
Cradlepoint MBR1400 and MBR1200 - Local File Inclusion
Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...
Cradlepoint MBR1400 and MBR1200 Local File Inclusion Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoi...
Cradlepoint MBR1400 and MBR1200 - Local File Inclusion
Cradlepoint MBR1400 and MBR1200 - Local File Inclusion Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint...
ipTIME DHCP Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...
HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution
Potential Security Impact Remote code execution VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow...
Patching Bash Vulnerability a Challenge for ICS, SCADA
While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...
Embedded Device Security, BadUSB, Car Hacking at Black Hat
LAS VEGAS — At the risk of diving headfirst into the Internet of Things fray, embedded device security emerged as a shiny new penny during last week’s Black Hat and DEF CON festivities. Firmware is the new hacker black, and everything from USB sticks, to home routers, to automobiles is in play fo...
Advantech Embedded Linux Operating System Detection
Binary data 8053.prm...
IBM 1754 GCM16 1.18.0.22011 Command Execution Vulnerability
IBM 1754 GCM16 versions 1.18.0.22011 and below contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exist because webapp variables are not sanitized. In this case, parameters $count and $size from ping.php allow to create a special crafted URL...
Serious Vulnerabilities Found in Popular Home Wireless Routers
Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere. A handful of vulnerabilities were identified...
Polycom Firmware Update Command Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...