57 matches found
EUVD-2007-2018
Malware in sbrugna...
EUVD-2022-34255
Malicious code in bioql PyPI...
EUVD-2021-33069
Malicious code in bioql PyPI...
Ford says it’s safe to drive its cars with a WiFi vulnerability
Ford has released information about a buffer overflow vulnerability in its SYNC 3 infotainment system. Ford learned from a supplier that a security researcher had discovered a vulnerability in the Wi-Fi software driver supplied for use in the SYNC 3 infotainment system available on some Ford and...
CVE-2022-45440
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...
CVE-2022-45440
The CVE-2022-45440 issue affects Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, where the FTP server processes symbolic links on external storage. A local attacker with administrator privileges can abuse this to access the device’s root filesystem by creating a symbolic link on a USB/external...
Lepin EP-KP001 KP001_V19 Authentication Bypass Vulnerability
When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication. Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001_V19 Tested Versions: KP001_V19 Vulnerability...
Lepin EP-KP001 KP001_V19 Authentication Bypass
Advisory ID: SYSS-2022-024 Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001_V19 Tested Versions: KP001_V19 Vulnerability Type: Violation of Secure Design Principles (CWE-657) Risk Level: High Solution Status: Open Manufacturer Notification: 2022-04-12 Solution Date: - Public Disclosure:...
CVE-2022-29948
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...
CVE-2022-29948
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode 6 to...
Design/Logic Flaw
An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information...
CVE-2021-46390
CVE-2021-46390 – Lexar_F35 v1.0.34 exhibits an access-control flaw in the authentication module of a Lexar USB flash drive. The vulnerability allows a local attacker with physical access to bypass password authentication by analyzing and manipulating the returned password verification/comparison ...
Lexar_F35 Authorization Issue Vulnerability
Lexar_F35 is a USB flash drive from Lexar Corporation. A security vulnerability exists in Lexar_F35 version 1.0.34, which originates from an access control issue in the authentication module. The vulnerability can be exploited by an attacker to access sensitive data and cause a denial of service Do...
CVE-2021-20153
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
CVE-2021-20153
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
Design/Logic Flaw
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
CVE-2021-20153
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...
CVE-2021-38396
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB...
Design/Logic Flaw
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB...
CVE-2021-38396
The CVE-2021-38396 issue affects Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120. The vulnerability is due to the programmer installation utility not performing cryptographic authenticity or integrity checks on software on the flash drive, enabling an attacker with physical...