CVE-2018-6311

CVE-2018-6311 affects Foxconn FEMTO AP-FC4064-T (AP_GT_B38_5.8.3lb15-W47 LTE Build 15). The vulnerability allows gaining root access via UART pins, leading to full system compromise and exposure of user communications. Connected records corroborate root-privilege elevation without restrictions on...

REMOTE CODE EXECUTION (CVE-2017-13772) WALKTHROUGH ON A TP-LINK ROUTER

INTRODUCTION In this post, I will be discussing my recent findings while conducting vulnerability research on a home router: TP-Link’s WR940N home WiFi router. This post will outline the steps taken to identify vulnerable code paths, and how we can exploit those paths to gain remote code executio...

Fedora 25 : xen (2017-ed735463e3)

Qemu: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330 1457698 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-10664 1466466 revised full fix for XSA-226 regressed 32-bit Dom0 or backend domains ---- full fix for XSA-226, replacing workaround drop conflic...

Brickcom IP Camera - Credentials Disclosure Vulnerability

Exploit for hardware platform in category web applications 1. Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302N...

Brickcom IP Camera - Credentials Disclosure

Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af, OB-500Af Remotely Exploitable: Yes...

Qemu: serial: host memory leakage 16550A UART emulation

Memory leak in the serialexitcore function in hw/char/serial.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...

Qemu: serial: host memory leakage 16550A UART emulation

Memory leak in the serialexitcore function in hw/char/serial.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption and QEMU process crash via a large number of device unplug operations...

USN-3261-1 qemu vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. CVE-2016-10028, CVE-2016-10029 Li Qiang discovered...

Security update for xen (important)

This updates xen to version 4.4.406 to fix the following issues: - An unprivileged user in a guest could gain guest could escalate privilege to that of the guest kernel, if it had could invoke the instruction emulator. Only 64-bit x86 HVM guest were affected. Linux guest have not been vulnerable...

A for TP-Link debug Protocol TDDP）vulnerability Mining the story-vulnerability warning-the black bar safety net

I wrote this article originally in order to simplify the WiFi penetration testing research work. We want to use last year by the Core Security released WIWO, it can be a computer network interface and a WiFi Router between the establishment of a transparent channel. Research the first step is to...

SUSE SLES11 Security Update : kvm (SUSE-SU-2016:2902-1)

This update for kvm fixes the following issues : - Address various security/stability issues - Fix OOB access in xlnx.xpx-ethernetlite emulation CVE-2016-7161 bsc1001151 - Fix OOB access in VMware SVGA emulation CVE-2016-7170 bsc998516 - Fix DOS in ColdFire Fast Ethernet Controller emulation...

Debian DLA-678-1 : qemu security update

Multiple vulnerabilities have been found in QEMU : CVE-2016-8576 Quick Emulator Qemu built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could occur while processing USB command ring in 'xhciringfetch'. CVE-2016-8577 Quick Emulator Qemu built with the...

[SECURITY] [DLA 679-1] qemu-kvm security update

Package : qemu-kvm Version : 1.1.2+dfsg-6+deb7u17 CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 Multiple vulnerabilities have been found in qemu-kvm: CVE-2016-8576 qemu-kvm built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could...

[SECURITY] [DLA 678-1] qemu security update

Package : qemu Version : 1.1.2+dfsg-6+deb7u17 CVE ID : CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 Multiple vulnerabilities have been found in QEMU: CVE-2016-8576 Quick Emulator Qemu built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could...

DLA-679-1 qemu-kvm - security update

Bulletin has no description...

DLA-678-1 qemu - security update

Bulletin has no description...

QEMU 'uart_write()' Denial of Service Vulnerability

QEMU is a suite of analog processor software. A security vulnerability in QEMU 'uartwrite' allows attackers to exploit the vulnerability to crash the QEMU program, resulting in a denial of service...

D-Link Wi-Fi Camera Flaw Extends to 120 Products

Update A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Researchers at Senrio, who found the original vulnerability, disclosed today additional details of product vulnerabilities related to the component aft...

Prolific PL2303 USB-UART - Runtime command execution, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Prolific PL2303 USB-UART published at the 'play' market has multiple vulnerabilities...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This update fixes the following security issues : - A heap overflow flaw was found in the Linux kernel's Transparent Inter-Process Communication protocol TIPC implementation. A local, unprivileged user could use this flaw to escalate their privileges. CVE-2010-3859, Important - Missing sanity...