30 matches found
EUVD-2020-20049
Malware in sbrugna...
EUVD-2020-20048
Malware in sbrugna...
EUVD-2020-20051
Malware in sbrugna...
EUVD-2020-20050
Malware in sbrugna...
CVE-2020-27539
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
CVE-2020-27541
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and start...
Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices
Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service DDoS and spam attacks on behalf of paid customer...
Moxa NPort IAW5000A-I/O Series Serial Device Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: NPort IAW5000A-I/O Series Wireless Device Server Vulnerabilities: Classic Buffer Overflow, Stack-based Buffer Overflow, Improper Input Validation, OS Command Injection 2. RISK EVALUATION...
CVE-2020-27540
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...
CVE-2020-27539
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
CVE-2020-27542
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...
CVE-2020-27541
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and start...
CVE-2020-27541
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and start...
CVE-2020-27539
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
Denial of service
Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and start...
Heap overflow
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow OOB write. In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...
Command injection
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...
Design/Logic Flaw
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...
Rostelecom CS-CSHW Command Injection Vulnerability
A security vulnerability exists in Rostelecom CS-C2SHW 5.0.082.1, which can be exploited by an attacker for bash injection...
Rostelecom CS-CSHW Buffer Error Vulnerability
A security vulnerability exists in Rostelecom CS-C2SHW 5.0.082.1 that originates from a heap overflow where the program fully parses an HTTP response...