14 matches found
EUVD-2024-38706
Malicious code in bioql PyPI...
EUVD-2024-38705
Malicious code in bioql PyPI...
CVE-2024-40893
Multiple authenticated operating system OS command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy BTLE interface can use the network configuration service to inject commands in various...
CVE-2024-40892
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...
Exploit for CVE-2024-40892
fwbt Writeup: https://www.labs.greynoise.io/grimoire/2024-08-...
CVE-2024-40892
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...
CVE-2024-40893
Multiple authenticated operating system OS command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy BTLE interface can use the network configuration service to inject commands in various...
CVE-2024-40893 Firewalla BTLE Authenticated Command Injection
Multiple authenticated operating system OS command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy BTLE interface can use the network configuration service to inject commands in various...
CVE-2024-40893
Firewalla CVE-2024-40893: Multiple authenticated OS command injection vulnerabilities in Firewalla Box Software prior to 1.979. A physically close attacker authenticated to the Bluetooth Low-Energy (BTLE) interface can abuse the network configuration service to inject commands into parameters suc...
CVE-2024-40893 Firewalla BTLE Authenticated Command Injection
Multiple authenticated operating system OS command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy BTLE interface can use the network configuration service to inject commands in various...
CVE-2024-40892
CVE-2024-40892 affects Firewalla Box software versions prior to 1.979. A physically proximate attacker can leverage the license UUID to authenticate and provision SSH credentials over BTLE, then log in via SSH once the attacker gains LAN access. License UUID can be obtained by plain-text Bluetoot...
CVE-2024-40892 Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...
CVE-2024-40892 Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...
Firewalla 安全漏洞
Firewalla is a driver from Firewalla Inc. A security vulnerability exists in Firewalla versions prior to 1.979 that stems from the presence of multiple authenticated operating system command injection vulnerabilities. An attacker authenticated with the Bluetooth Low Power Interface can use the...