Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities

Talos Vulnerability Report TALOS-2022-1583 Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities October 20, 2022 CVE Number CVE-2022-35879,CVE-2022-35878,CVE-2022-35881,CVE-2022-35880 SUMMARY Four format string injection vulnerabilities exist in th...

The vulnerability of the UART console of the TP-Link TL-WR840N EU microprogramming software allows a hacker to execute arbitrary commands on behalf of the root user.

The vulnerability of the UART console of the TP-Link TL-WR840N EU router’s microprogramming software lies in the absence of authentication procedures. Exploiting this vulnerability allows a hacker to execute arbitrary commands on behalf of the root user...

TP-LINK TL-WR840N Access Control Error Vulnerability

The TP-LINK TL-WR840N is a wireless router from China P&L TP-LINK. An Access Control Error vulnerability exists in the TP-Link TL-WR840N EU v6.20, which stems from an insecure UART console, and can be exploited by an attacker to execute commands as the root user without authentication...

CVE-2022-29402

CVE-2022-29402 affects the TP-Link TL-WR840N EU v6.20. The issue is insecure protections for the UART console, allowing an attacker with physical access to connect via a serial port and execute commands as root without authentication. The CVE is documented with a physical attack vector and high i...

Netgear Nighthawk R6700 License Issue Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...

CVE-2021-23147

Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVE-2021-23147

The CVE concerns Netgear Nighthawk R6700 router (v1.0.4.120). The root cause is insufficient protections for the UART console, enabling a physically proximate attacker with serial access to execute commands as root without authentication. Implications include full device compromise and potential ...

Netgear Nighthawk R6700 授权问题漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...

The vulnerability of the built-in software of the “Granite-Navigator-6.18” device lies in the use of uncontrolled format lines, which allows a perpetrator to trigger a service failure.

The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to cause a service failure by using a specially crafted command e.g., canrcv canteseo2%n%n%n%n%n%n%n when...

Brickcom IP Camera - Credentials Disclosure Vulnerability

Exploit for hardware platform in category web applications 1. Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302N...