26 matches found
CVE-2024-30191
A vulnerability has been identified in SCALANCE W1748-1 M12 6GK5748-1GY01-0AA0, SCALANCE W1748-1 M12 6GK5748-1GY01-0TA0, SCALANCE W1788-1 M12 6GK5788-1GY01-0AA0, SCALANCE W1788-2 EEC M12 6GK5788-2GY01-0TA0, SCALANCE W1788-2 M12 6GK5788-2GY01-0AA0, SCALANCE W1788-2IA M12 6GK5788-2HY01-0AA0, SCALAN...
Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or ev...
RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allo...
CISA Order Highlights Persistent Risk at Network Edge
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited...
Infra Used in Cisco Hack Also Targeted Workforce Management Solution
The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...
Binary vulnerability in Arista VEOS (CNVD-2022-18739)
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. A binary vulnerability exists in Arista VEOS, which can be exploited by attackers to cause a denial-of-service attack...
Binary vulnerability in Arista VEOS (CNVD-2022-18741)
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. A binary vulnerability exists in Arista VEOS, which can be exploited by attackers to cause a denial-of-service attack...
Binary vulnerability in Arista VEOS (CNVD-2022-18742)
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. A binary vulnerability exists in Arista VEOS, which can be exploited by attackers to cause a denial-of-service attack...
Denial of Service Vulnerability in Arista VEOS
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. A denial of service vulnerability exists in Arista VEOS, which can be exploited by attackers to cause a crash...
Command execution vulnerability in TOTOLINK T10 router (CNVD-2021-43463)
TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd. Founded in 1999, the company is a Hong Kong-listed, high-tech, foreign-funded enterprise (stock code: HK.8287) and one of the world's leading network equipment suppliers. A command execution vulnerability exists in the TOTOLINK T10 router, which can b...
Command execution vulnerability in TOTOLINK T10 router (CNVD-2021-43462)
TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd. Founded in 1999, the company is a Hong Kong-listed, high-tech, foreign-funded enterprise (stock code: HK.8287) and one of the world's leading network equipment suppliers. A command execution vulnerability exists in the TOTOLINK T10 router, which can b...
Command Execution Vulnerability in TOTOLINK T10 Router (CNVD-2021-43461)
TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd. Founded in 1999, the company is a Hong Kong-listed, high-tech, foreign-funded enterprise (stock code: HK.8287) and one of the world's leading network equipment suppliers. A command execution vulnerability exists in the TOTOLINK T10 router, which can b...
Command execution vulnerability in TOTOLINK T10 router (CNVD-2021-44930)
TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd. Founded in 1999, the company is a Hong Kong-listed, high-tech, foreign-funded enterprise (stock code: HK.8287) and one of the world's leading network equipment suppliers. A command execution vulnerability exists in the TOTOLINK T10 router. An attacker...
Command execution vulnerability in TOTOLINK T10 router (CNVD-2021-44929)
TOTOLINK is a brand held by Gion Electronics Shenzhen Co., Ltd. Founded in 1999, the company is a Hong Kong-listed, high-tech, foreign-funded enterprise (stock code: HK.8287) and one of the world's leading network equipment suppliers. A command execution vulnerability exists in the TOTOLINK T10 router. An attacker...
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment
For companies that haven't patched their BIG-IP products, it may already be too late...
GNU inetutils < 1.9.4 - 'telnet.c' Multiple Overflows (PoC)
GNU inetutils = 1.9.4 telnet.c multiple overflows. GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...
More on the Supermicro Spying Story
I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don't know anything more, but this is the...
[SECURITY] Fedora 28 Update: wireless-tools-29-20.fc28
This package contains the Wireless tools, used to manipulate the Wireless Extensions. The Wireless Extension is an interface allowing you to set Wireless LAN specific parameters and get the specific stats for wireless networking equipment...