23 matches found
CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
EUVD-2023-29663
Malicious code in bioql PyPI...
ONEKEY Platform Data Forgery Vulnerability
ONEKEY Platform is an application of ONEKEY. A data forgery issue vulnerability exists in ONEKEY Platform, which stems from peer-to-peer authentication being disabled everywhere, allowing a remote unauthenticated user to execute arbitrary commands with elevated privileges on an affected device...
ONEKEY Platform Command Injection Vulnerability
ONEKEY Platform is an application of ONEKEY. A command injection vulnerability exists in ONEKEY Platform that stems from the presence of a command injection vulnerability...
PT-2024-5667 · Tenda · Tenda I22
Name of the Vulnerable Software and Affected Versions: Tenda i22 version 1.0.0.34687 Description: The issue is related to a buffer overflow in the formApPortalOneKeyAuth function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality,...
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions ...
Binwalk 2.3.2 Remote Command Execution
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
Binwalk v2.3.2 - Remote Command Execution (RCE)
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
Exploit for OS Command Injection in Netmodule Netmodule_Router_Software
Analyzing and Reproducing the Command Injection Vulnerabilit...
CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
Design/Logic Flaw
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
CVE-2023-25758
CVE-2023-25758 affects Onekey Touch devices up to 4.0.0 and Onekey Mini devices up to 2.10.0. The issue allows a man-in-the-middle to obtain the seed phase, but only after disassembling the device (physical access). The vulnerability description is consistent across multiple sources, which specif...
Onekey Touch devices Security Vulnerability
Onekey Touch devices is a one-touch device from Onekey. A security vulnerability exists in Onekey Touch devices versions prior to 4.0.0 and Onekey Mini devices versions prior to 2.10.0. An attacker could exploit this vulnerability to conduct a man-in-the-middle attack...
CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
CVE-2023-25758
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
SQL Injection Vulnerability in OneKey Education Cloud Disk Service Platform of Orient Boguan (Beijing) Technology Co.
The OneKey Education Cloud Disk Service Platform supports multiple platforms such as Web, PC, and Android cell phone clients for cross-platform and cross-terminal file sharing and anytime, anywhere access. There is a SQL injection vulnerability in the OneKey Education Cloud Disk Service Platform ...
Lenovo Service Engine (LSE) BIOS for Notebook
Lenovo Security Advisory: LEN-2015-020 Potential Impact: Privilege Escalation Severity: High Summary: Vulnerabilities have been identified in the Lenovo Service Engine LSE which may run on certain Lenovo notebook systems that do not have a Lenovo preloaded operating system installed. Lenovo has...
Lenovo Service Engine (LSE) BIOS for Notebook - Lenovo Support US
No description provided...