
779 matches found

Talos
added 2022/10/20 12:00 a.m., 41 views

Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities

Talos Vulnerability Report TALOS-2022-1583: Abode Systems, Inc. iota All-In-One Security Kit UPnP logging format string injection vulnerabilities. October 20, 2022. CVE Number: CVE-2022-35879, CVE-2022-35878, CVE-2022-35881, CVE-2022-35880. SUMMARY: Four format string injection vulnerabilities exist in th...

CVSS 8.8, AI score 8.4, EPSS 0.00134
Exploits: 4

BDU FSTEC
added 2022/08/02 12:00 a.m., 2 views

A vulnerability in the UART console of the TP-Link TL-WR840N EU firmware allows a hacker to execute arbitrary commands as the root user.

The vulnerability in the UART console of the TP-Link TL-WR840N EU router's firmware lies in the absence of authentication procedures. Exploiting this vulnerability allows a hacker to execute arbitrary commands as the root user...

CVSS 7.2, AI score 7.1, EPSS 0.00071
Exploits: 1, References: 4

CNVD
added 2022/05/26 12:00 a.m., 11 views

TP-LINK TL-WR840N Access Control Error Vulnerability

The TP-LINK TL-WR840N is a wireless router from China P&L TP-LINK. An Access Control Error vulnerability exists in the TP-Link TL-WR840N EU v6.20, which stems from an insecure UART console, and can be exploited by an attacker to execute commands as the root user without authentication...

CVSS 7.2, AI score 7.2, EPSS 0.00071
Exploits: 1, References: 1

NVD
added 2022/05/25 6:15 p.m., 16 views

CVE-2022-29402

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVSS 7.2, EPSS 0.00071
Exploits: 1, References: 1

Prion
added 2022/05/25 6:15 p.m., 15 views

Authentication flaw

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVSS 7.2, AI score 6.9, EPSS 0.00071
Exploits: 1, References: 1

Cvelist
added 2022/05/25 5:24 p.m., 14 views

CVE-2022-29402

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVSS 6.8, AI score 7, EPSS 0.00071
Exploits: 1, References: 1

CVE
added 2022/05/25 5:24 p.m., 79 views

CVE-2022-29402

CVE-2022-29402 affects the TP-Link TL-WR840N EU v6.20. The issue is insecure protections for the UART console, allowing an attacker with physical access to connect via a serial port and execute commands as root without authentication. The CVE is documented with a physical attack vector and high i...

CVSS 7.2, AI score 6.8, EPSS 0.00071
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/05/25 12:00 a.m., 1 view

TP-LINK TL-WR840N Access Control Error Vulnerability

The TP-LINK TL-WR840N is a wireless router from China P&L TP-LINK. An Access Control Error vulnerability exists in the TP-Link TL-WR840N EU v6.20, which stems from an insecure UART console, and can be exploited by an attacker to execute commands as the root user without authentication...

CVSS 7.2, AI score 5.8, EPSS 0.00071
Exploits: 1, References: 3

Prion
added 2022/03/10 5:47 p.m., 13 views

Hardcoded credentials

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2, AI score 6.5, EPSS 0.00054
Exploits: 1, References: 1, Affected Software: 5

ATTACKERKB
added 2022/03/10 5:47 p.m., 3 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2, AI score 6.7, EPSS 0.00054
Exploits: 1, References: 2

NVD
added 2022/03/10 5:47 p.m., 16 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2, EPSS 0.00054
Exploits: 1, References: 1

CVE
added 2022/03/07 9:55 p.m., 89 views

CVE-2022-25213

CVE-2022-25213 describes improper physical access control and hard-coded credentials in /etc/passwd that allow an attacker with physical access to obtain a root shell via an unprotected UART port, which also exposes an unauthenticated Das U-Boot BIOS shell. The description applies to devices with...

CVSS 7.2, AI score 6.5, EPSS 0.00054
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2022/02/07 12:00 a.m., 31 views

Siemens S7-1200 and S7-200 SMART CPUs Exposed Dangerous Method or Function (CVE-2019-13945)

A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions with Function State FS 11, SIMATIC S7-200 SMART CPU CR20s 6E...

CVSS 6.8, AI score 6.4, EPSS 0.00145
Exploits: 0, References: 3

OpenVAS
added 2022/01/28 12:00 a.m., 28 views

Mageia: Security Advisory (MGASA-2019-0333)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.3, EPSS 0.19224
Exploits: 8, References: 17

CNVD
added 2022/01/03 12:00 a.m., 17 views

Netgear Nighthawk R6700 License Issue Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...

CVSS 7.2, AI score 6.9, EPSS 0.0006
Exploits: 0, References: 1

CNVD
added 2022/01/03 12:00 a.m., 14 views

Trendnet AC2600 TEW-827DRU Encryption Issue Vulnerability

Trendnet AC2600 TEW-827DRU is a wireless router. A security vulnerability exists in the Trendnet AC2600 TEW-827DRU, which stems from the fact that the Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protection for the UART function, and an attacker could exploit the vulnerabili...

CVSS 7.2, AI score 4.5, EPSS 0.00043
Exploits: 0, References: 1

CNVD
added 2022/01/03 12:00 a.m., 14 views

Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02661)

The Netgear RAX43 is a wireless router from Netgear, Inc. A security vulnerability exists in the Netgear RAX43, which stems from insufficient protection of the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, log in...

CVSS 7.2, AI score 3.2, EPSS 0.00051
Exploits: 0, References: 1

NVD
added 2021/12/30 10:15 p.m., 17 views

CVE-2021-20161

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with...

CVSS 7.2, EPSS 0.00043
Exploits: 0, References: 1

NVD
added 2021/12/30 10:15 p.m., 10 views

CVE-2021-20168

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default...

CVSS 7.2, EPSS 0.00051
Exploits: 0, References: 1

OSV
added 2021/12/30 10:15 p.m., 1 view

CVE-2021-20168

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default...

CVSS 6.8, AI score 5.9, EPSS 0.00051
Exploits: 0, References: 1