173 matches found
IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices
IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...
CVE-2019-6816
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol...
CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
PT-2019-2446 · Cisco · Cisco Secure Boot +1
Name of the Vulnerable Software and Affected Versions: Cisco products that support hardware-based Secure Boot functionality affected versions not specified Description: A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot...
Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-13787
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware...
CVE-2018-13787
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware...
Siemens SICLOCK TC Product Unauthorized Operation Vulnerability
The SICROCK product line offers components for synchronizing plant and system time. An unauthorized operation vulnerability exists in Siemens SICLOCK TC products. An attacker on network access port 69/UDP could modify the firmware of the device...
Design/Logic Flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the firmware of the device...
PS4 Firmware 4.55 Modified to Be Compatible with Firmware 5.50
By Waqas It was just last week when hackers identified a way This is a post from HackRead.com Read the original post: PS4 Firmware 4.55 Modified to Be Compatible with Firmware 5.50...
CVE-2017-5701
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery...
CVE-2017-6041
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520,...
CVE-2017-6041
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520,...
Actiontec T2200H Remote Reverse Root Shell
Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but likely affecting other similar models of theirs Affected Firmware: T2200H-31.128L.03 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanual.pdf Reported: November 2015 Status:...
PT-2018-05: Unauthorized Firmware Modification in Siemens EN100 Ethernet modules
The specialists of the Positive Research center have detected an Unauthorized Firmware Modification vulnerability in Siemens EN100 Ethernet modules. Vulnerability allows unauthenticated attackers to upgrade or downgrade the firmware of the affected device including to older versions with known...
Code injection
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete...
Apple OS X Apple Ethernet Thunderbolt Adapter Firmware Flashing Vulnerability
Apple OS X is an operating system developed by Apple Inc. A security vulnerability exists in Apple OS X EFI, where a link in the EFI common update allows a malicious Apple Ethernet Thunderbolt adapter to modify the host firmware. A local attacker could exploit the vulnerability to modify the host...
SYNful Knock: Backdoor Malware Found in Cisco Routers
Mandiant, a FireEye sister concern has been involved in researches related to cyber defense. In their recent findings, a backdoor malware named SYNful Knock identified as the one compromising the principles of Cisco routers with features such as... ...Having an everlasting effect, i.e. Serious...
Cisco Router SYNful Knock Implant TCP Activator
A router implant vulnerability, known as SYNful Knock has been reported in multiple Cisco routers . A successful exploitation might enable the attacker to modify the router's firmware, and thereby allow running arbitrary code, or using the server as a bot for further attacks...