24 matches found
EUVD-2018-18159
Malware in sbrugna...
EUVD-2024-48334
Malicious code in bioql PyPI...
CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
CVE-2024-7408
CVE-2024-7408 affects Airveda Air Quality Monitor PM2.5/PM10. The issue is information disclosure through plaintext transmission in the AP pairing mode, enabling an attacker in proximity to capture Wi‑Fi traffic. This can facilitate an Evil Twin attack on the targeted system. The CVSS metrics ind...
CVE-2024-7408 Information Disclosure Vulnerability in Airveda Air Quality Monitor
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
CVE-2024-7408 Information Disclosure Vulnerability in Airveda Air Quality Monitor
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...
Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged
The Australian Federal Police AFP have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged...
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
CVE-2018-6402
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
Code injection
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...
Which? Magazine recommends vulnerable smart home camera
You’ll already know that we have a keen interest in smart home camera security. Our recent work on Swann and FLIR cameras showed how it could be trivially easy to spy on people through their security cameras. Which? Magazine has a well-earned reputation for providing product reviews for consumers...
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control Vulnerability
Exploit for windows platform in category remote exploits Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.835...
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control
secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested and a...
Targeted Evil Twin Wireless Access Point Attack Toolkit: The Rogue Toolkit
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points AP for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil tw...
Automated WPA Phishing Attacks: WiFiPhisher
Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...
WiFiPhisher v1.2 - Automated victim-customized phishing attacks against Wi-Fi clients
Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It is primarily a social engineering attack that unlike other methods it does not include any brute forcing. It is an ea...