Code injection in `saved_model_cli`

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings python def preprocessinputexprsargstringinputexprsstr: ... for inputraw in filterbool, inputexprsstr.split';': ... inputkey, expr = inputraw.split'=', 1 inputdictinputkey = evalexpr...

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A...

Axis Network Camera .srv-to-parhand RCE

This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis Network Camer...

Newsmaker Interview: VDOO CEO Talks Top IoT Threats

IoT security is like a game of Whac-A-Mole. Fix one CVE and four new bugs pop up. Last month, researchers found a slew of vulnerabilities in Axis cameras that could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Also in June, IP...

Major Vulnerabilities in Foscam Cameras

For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security. In most cases, the research was carried out together with the device vendors for the sake of efficiency and transparency...

Axis cameras there are security flaws, three of the vulnerabilities can be taken over-vulnerability warning-the black bar safety net

Network security company VDOO researchers recently discovered several vulnerabilities affect the Axis nearly 400 security cameras. From the network security company VDOO researchers on IOT devices conducted a study and found that the axis company manufacturing the camera of the presence of seven...

VDOO Axis Camera Authentication Bypass (CVE-2018-10661; CVE-2018-10658; CVE-2018-10659; CVE-2018-10662; CVE-2018-10663; CVE-2018-10664)

An authentication bypass vulnerability exists in VDOO Axis Cameras. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

Foscam Issues Patches For Vulnerabilities in IP Cameras

Foscam is urging customers to update their security cameras after researchers found three vulnerabilities in that could enable a bad actor to gain root access knowing only the camera’s IP address. The vulnerability trifecta includes an arbitrary file-deletion bug, a shell command-injection flaw a...