Researchers uncover security holes in China-based Huawei routers

Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention. Huawei is one of the fastest-growing network and telecommunications equipment makers in the world. The...

[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c02931414 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02931414 Version: 1 HPSBPI02794...

Software Update Site For Hospital Respirators Found Riddled With Malware

UPDATE: A Web site used to distribute software updates for a wide range medical equipment, including ventilators has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise, Threatpost has...

CVE-2011-4861

The modbus125handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502...

Code injection

The modbus125handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502...

'SMS of Death' Attacks Can Crash the Simplest of Phones

Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin. Nicknamed ‘SMS of Death,’ the attacks were outlined by Collin...

[security bulletin] HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01886100 Version: 1 HPSBPI02472 SSRT090196 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access to Data, Denial of Service NOTICE: The information in this Security Bulletin shou...

HPSBPI02398 SSRT080166 rev.7 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files

Potential Security Impact Remote unauthorized access to files VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized acces...

I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability

Overview The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability. The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk...

JVN#70599814 I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability

The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices are done through a web-based interface. This web interface is vulnerable to cross-site request forgery. Impact If a user views a malicious web page while logged into th...

JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery

Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...

JVN#71872818 AirStation series and BroadStation series vulnerable to cross-site request forgery

Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The web administration interface is vulnerable to cross-site request forgery. Impact If the administrator of such a produ...

Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability

Description Cisco IOS Firewall Authentication Proxy is prone to a buffer overflow condition. Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code. This issue affects the FTP and Telnet protocols, but not HTTP. Technologies Affected Cisco I...

CVE-2004-2439

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware...

Security Advisory: CBOS Web-based Configuration Utility Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: CBOS Web-based Configuration Utility Vulnerability ====================================================================== Revision 1.0 For Public Release 2001 August 23 20:00 UTC -800...

Alcatel ADSL modems provide unauthenticated TFTP access via physical WAN interface

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...