1154 matches found
RaspAP Command Injection Vulnerability (CNVD-2021-94940)
RaspAP is a software solution that easily deploys a Raspberry Pi as a wireless access point, with a responsive WebUI to control WiFi that is as easy to use as a home router. A command injection vulnerability exists in includes/configureclient.php in RaspAP version 2.6.6. An attacker could...
RaspAP Remote Code Execution Vulnerability (CNVD-2021-94941)
RaspAP is a software solution that easily deploys a Raspberry Pi as a wireless access point, with a responsive WebUI to control WiFi that is as easy to use as a home router. raspap-webgui in RaspAP version 2.6.6 is vulnerable to remote code execution. The vulnerability stems from insecure...
RaspAP Command Injection Vulnerability
RaspAP is a software solution that easily deploys a Raspberry Pi as a wireless access point, with a responsive WebUI to control WiFi that is as easy to use as a home router. A command injection vulnerability exists in includes/configureclient.php in RaspAP version 2.6.6. An attacker could...
RaspAP Security Vulnerability
RaspAP is a software solution that easily deploys a Raspberry Pi as a wireless access point, with a responsive WebUI to control WiFi that is as easy to use as a home router. raspap-webgui in RaspAP version 2.6.6 is vulnerable to remote code execution. The vulnerability stems from insecure...
RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated); Date: 23.08.2021; Exploit Author: Moritz Gruber; Vendor Homepage: https://raspap.com/; Software Link: https://github.com/RaspAP/raspap-webgui; Version: 2.6.6; Tested on: Linux raspberrypi 5.10.52-v7+; import requests from requests.ap...
CVE-2021-38545
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38545
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
Code injection
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38545
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38545
CVE-2021-38545 concerns Raspberry Pi 3 B+ and 4 B devices, up to 2021-08-09, where powering an audio output in certain use cases creates a side channel. The LED power indicator is tied to the power line, so LED light intensity correlates with overall power consumption; the sound played by connect...
Raspberry Pi 3 module B+ Security Vulnerability
The Raspberry Pi 3 module B+ is an embedded system development board. A security vulnerability exists in the Raspberry Pi 3 module B+ and 4 B. The vulnerability stems from a problem with the device powering an audio output device under certain usage scenarios. The vulnerability can be exploited b...
Smart car chargers. Plug-n-play for hackers?
Over the last 18 months, we’ve been investigating the security of smart electric vehicle chargers. These allow the owner to remotely monitor and manage the charge state, speed and timing of their car charger, among many functions. We bought 6 different brands of chargers and also reviewed securit...
Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)
rtl_433 (despite the name) is a generic data receiver, mainly for the 433.92 MHz, 868 MHz (SRD), 315 MHz, 345 MHz, and 915 MHz ISM bands. The official source code is in the https://github.com/merbanan/rtl_433/ repository. For more documentation and related projects see the https://triq.org/ site. It...
USN-5014-1: Linux kernel vulnerability
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...
USN-5002-1: Linux kernel (HWE) vulnerability
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code...
The Raspberry Pi Foundation Raspberry Pi OS with desktop has a weak password vulnerability
Raspberry Pi OS with desktop is an operating system. The Raspberry Pi Foundation Raspberry Pi OS with desktop suffers from a weak password vulnerability that can be exploited by attackers to obtain sensitive information...
SUSE: Security Advisory (SUSE-SU-2017:3441-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0769-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2016:2871-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2017:0695-1)
The remote host is missing an update for the...