Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN devic...

The vulnerability of the proactor1.2 service (/usr/sbin/proactor1.2/pro), a microprogramming software for network interfaces and VPN devices from Zyxel, allows attackers to circumvent existing security restrictions.

The vulnerability of the proactor1.2 service /usr/sbin/proactor1.2/pro, a microprogrammed software for network interfaces and VPN devices from Zyxel, is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow an attacker to bypass existing security...

The vulnerability of the account_operator.cgi file in the microprogramming software for ZyXEL USG FLEX and VPN devices allows a hacker to alter the device’s configuration data and trigger a service failure.

The vulnerability of the accountoperator.cgi file in the ZyXEL USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a malicious actor to remotely alter the device’s...

The vulnerability of microprogrammed software in network devices such as Zyxel ZyWALL/USG, VPN, USG FLEX, ATP allows a perpetrator to execute arbitrary commands.

The vulnerability of Zyxel ZyWALL/USG, VPN, USG FLEX, and ATP network devices exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

Teltonika Remote Management System 代码问题漏洞

Teltonika Remote Management System is a Teltonika remote management system for managing Teltonika products. A code issue vulnerability exists in Teltonika Remote Management System versions prior to 4.10.0. An attacker could use this vulnerability to scan and access data from other Teltonika devic...

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

The continuous improvement of security solutions has forced attackers to explore alternative ways to compromise systems. The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating...

Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)

On Tuesday, April 20, 2021, security firm FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN. According to FireEye’s analysis, threat actors have been leveraging multiple techniques to bypass single- and multi-factor authentication on Puls...

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Download “The Evolution of Ransomware” to gain valuable...

Cisco RV110W/RV130/RV130W/RV215W Remote Command Execution and Denial of Service Vulnerability (CNVD-2021-41208)

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

Cisco RV110W/RV130/RV130W/RV215W Remote Command Execution and Denial of Service Vulnerability (CNVD-2021-41205)

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

Cisco RV110W/RV130/RV130W/RV215W Remote Command Execution and Denial of Service Vulnerability (CNVD-2021-41194)

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

Cisco RV110W/RV130/RV130W/RV215W Remote Command Execution and Denial of Service Vulnerability (CNVD-2021-41180)

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

The vulnerability of the weblogin.cgi component in NAS (Network Attached Storage) storage systems and micro-programming software for Ethernet interfaces of UTM, ATP, and VPN devices allows a hacker to execute arbitrary code.

The vulnerability of the weblogin.cgi component in NAS Network Attached Storage storage systems and microprogramming software for Ethernet interfaces of UTM, ATP, and VPN devices is related to errors during the verification of the username parameter. Exploiting this vulnerability allows a malicio...

o2micro debug.php 后门漏洞

网御神州、天融信、美国凹凸等vpn设备开发疑似源于同一套技术，其中有技术维护使用的后门文件debug.php没有删除，该后门文件可以执行任意php代码，SQL语句。 网御神州、天融信、美国凹凸等vpn设备...