165 matches found
Hardcoded credentials
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
CVE-2020-12024
CVE-2020-12024 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and ExactaMix EM1200 (versions 1.1, 1.2, 1.4, 1.5). Root cause: inadequate restriction of USB interface access by unauthorized users with physical access, enabling loading of unauthorized payloads or direct hard driv...
CVE-2020-12024
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to th...
Turning an OBD-II reader into a USB / NFC attack tool
One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...
CVE-2019-19526
A use-after-free flaw was found in the pn533usbprobe USB interface in the Linux kernel. If the driver registration fails it needs to do all the cleanup activity and free all the related resources. A malicious USB device can cause this process to fail, causing a use-after-free vulnerability. Syste...
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines, which allows a perpetrator to cause a service failure.
The vulnerability of the built-in software of the “Granit-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to trigger a service failure by sending a specially crafted SMS command e.g., BB+GP=vuln%x when connecting to th...
Rockwell Automation 1784-U2DN USB Interface Communication Adapter
Binary data 752991.prm...
Rockwell Automation 1784-U2CN USB Interface Communication Adapter
Binary data 752990.prm...
CVE-2018-7924
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
Design/Logic Flaw
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
CVE-2018-7924
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151C00 have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information...
CVE-2018-7924
CVE-2018-7924 affects Huawei Anne-AL00 phones with versions earlier than 8.0.0.151(C00). The issue is an information leak caused by improper permission settings for certain USB commands, enabling an attacker with physical access to connect via USB and obtain specific device information. Connected...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei phones have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. Vulnerability ID:...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Tegra_Bootrom_Rcm
This is a proof-of-concept arbitrary code loader for Tegra processors, which takes advantage of CVE-2018-6242 "Fusée Gelée" to gain arbitrary code execution and load small payloads over USB. The vulnerability is documented in the 'report' subfolder, and more details and guides are to follow. The...
The vulnerability of the Android operating system from the CAF repository, related to insufficient checking of the USB interface during loading, allows a hacker to execute arbitrary code.
The vulnerability of the Android operating system from the CAF repository arises from the execution of an operation outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, due to insufficient protection of the USB interface during...
Input validation
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot...
CVE-2014-9981
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot...
CVE-2014-9981
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot...
CVE-2014-9981
CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...
How to pass kernel command injection bypass Nexus 6 safe start mode-bug warning-the black bar safety net
In 2017 5 on the Android security announcements, Google released a security patch that fixes the Nexus 6 bootloader in the discovery of a serious Vulnerability, CVE-2016-10277 in. Exploit this vulnerability, a physical attacker or a already have the bootloader locked down the target device...