CVE-2019-10207

The CVE-2019-10207 entry describes a local DoS in Linux kernels via Bluetooth UART mishandling. Affected: Linux kernel Bluetooth UART implementation, versions 3.x.x prior to 4.18.0 and 5.x.x. Vulnerable action: a crafted ioctl call by a local attacker with write access to Bluetooth hardware can c...

CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...

CVE-2019-10207

A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash...

CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...

UBUNTU-CVE-2019-10207

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...

CVE-2018-15556

CVE-2018-15556 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q (firmware v1.1.02.22). An attacker can log in as root with an empty password via the onboard UART headers, enabling full shell access. Public PoC material exists (PacketStorm/full disclosure) describing UART-based pr...

Code injection

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

CVE-2019-12789

CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...

Telus Actiontec WEB6000Q Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: CVE-2018-15555 Main OS CVE: CVE-2018-15556 Quantenna OS Summary of Findings Both “main”...

What’s in the Box?

ARCHIVED STORY What’s in the Box? By Sam Quinn · February 25, 2019 2018 was another record-setting year in the continuing trend for consumer online shopping. With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that...

openthread/cli-uart-received-fuzzer: Index-out-of-bounds in ot::Cli::Uart::ReceiveTask

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5730276330700800 Project: openthread Fuzzer: libFuzzeropenthreadcli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: libfuzzerubsanopenthread Platform Id: linux Cras...

Code injection

The ASPEED ast2400 and ast2500 Baseband Management Controller BMC hardware and firmware implement Advanced High-performance Bus AHB bridges, which allow arbitrary read and write access to the BMC's physical address space from the host or from the network in unusual cases where the BMC console uar...

CVE-2019-6260

The ASPEED ast2400 and ast2500 Baseband Management Controller BMC hardware and firmware implement Advanced High-performance Bus AHB bridges, which allow arbitrary read and write access to the BMC's physical address space from the host or from the network in unusual cases where the BMC console uar...

Teltonika RUT9XX Missing Access Control To UART Root Terminal

Teltonika RUT9XX Missing Access Control to UART Root Terminal Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02TeltonikaIncorrectAccessControl Vulnerability Overview Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial...

Teltonika RUT9XX Missing Access Control To UART Root Terminal Vulnerability

Exploit for cgi platform in category web applications Teltonika RUT9XX Missing Access Control to UART Root Terminal Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02TeltonikaIncorrectAccessControl Vulnerability Overview Teltonika RUT9XX routers with firmware...

CVE-2018-9149

The Zyxel Multy X AC3000 Tri-Band WiFi System device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker...

CVE-2018-9149

The CVE-2018-9149 entry concerns Zyxel Multy X (AC3000 Tri-Band WiFi System). The vulnerability arises from an inadequate protection mechanism for the UART, enabling an attacker who physically accesses the device (after dismantling) to connect via USB-UART and log in with the root password 1234. ...

CVE-2018-6311

CVE-2018-6311 affects Foxconn FEMTO AP-FC4064-T (AP_GT_B38_5.8.3lb15-W47 LTE Build 15). The vulnerability allows gaining root access via UART pins, leading to full system compromise and exposure of user communications. Connected records corroborate root-privilege elevation without restrictions on...

Brickcom IP Camera - Credentials Disclosure

Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af, OB-500Af Remotely Exploitable: Yes...

A for TP-Link debug Protocol TDDP）vulnerability Mining the story-vulnerability warning-the black bar safety net

I wrote this article originally in order to simplify the WiFi penetration testing research work. We want to use last year by the Core Security released WIWO, it can be a computer network interface and a WiFi Router between the establishment of a transparent channel. Research the first step is to...