9 matches found
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
Design/Logic Flaw
A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...
CVE-2022-25219
CVE-2022-25219/25218 describe a flaw in the telnetd_startup routine where the use of RSA without padding (or OAEP) enables an unauthenticated attacker on the local network to influence the decrypted plaintext via crafted UDP packets, potentially gaining a root shell. The 25219 issue centers on a ...
CVE-2022-25218
The CVE-2022-25218 entry concerns PHICOMM router devices (e.g., K2, K3, K3C) where telnetd_startup uses RSA without OAEP or padding. An unauthenticated attacker on the LAN can craft UDP packets to influence the OpenSSL RSA_public_decrypt() processing, manipulating the telnetd startup state machin...
CVE-2014-0973
The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...
Authentication flaw
The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...
CVE-2014-0973
CVE-2014-0973 affects the Little Kernel (LK) bootloader used with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The image_verify function in platform/msm_shared/image_verify.c does not ensure the digest size is consistent with the RSA_public_decrypt API, enabling bypass...
CVE-2014-0973
The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...