Moxa Command Injection / Cross Site Scripting / Vulnerable Software

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number:...

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm...

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits SDKs accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK...

Cisco RV34X系列 权限提升漏洞（CVE-2021-1520）

Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer May 5, 2021 |In Research |By [email protected] TL;DR A few weeks ago, we published an advisory on the Cisco RV series routers, where we outlined the root cause for authentication bypass and remote command execution issues...

Cisco RV Authentication Bypass / Code Execution

IoT Inspector Research Lab Security Advisory IOT-20210414-0 title: Cisco RV series Authentication Bypass and Remote Command Execution vendor/product: Cisco https://www.cisco.com/ vulnerable version: RV16X/RV26X: 1.0.01.02 & below. RV34X: 1.0.03.20 & below. fixed version: RV16X/RV26X: 1.0.01.03...

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version:...

Zyxel NWA/NAP/WAC Hardcoded Credentials Vulnerability

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the...

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE...

IoT Inspector Tool from Princeton

Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. From their blog post: Finding 3: Many IoT...