EUVD-2023-50873
Malicious code in bioql PyPI...
EUVD-2023-53544
Malicious code in bioql PyPI...
15 vulnerabilities discovered in software development kit for wireless routers
Cisco Talos Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...
CVE-2023-49593
Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...
CVE-2023-46685
A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted network packets can lead to arbitrary command execution...
CVE-2023-49593
CVE-2023-49593 affects the LevelOne WBR-6013 wireless router (Boa web server, Realtek SDK), where leftover debug code in the /boafrm/formSysCmd API allows an attacker to execute arbitrary commands via a crafted network request. Talos confirms the vulnerability, including an exploitable path and a PoC,...
CVE-2023-46685
CVE-2023-46685 is a hard-coded password vulnerability affecting the LevelOne WBR-6013 (telnetd). Talos documents a vulnerability in the telnetd service enabling arbitrary command execution via specially crafted network packets, potentially achieving root access. A PoC exists and shows remote code exe...
Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2023-1872: Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery (CSRF) vulnerability. July 8, 2024. CVE Number: CVE-2023-47677. Summary: A cross-site request forgery (CSRF) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1876: Realtek rtl819x Jungle SDK boa formDnsv6 stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-48270. Summary: A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11....
Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1891: Realtek rtl819x Jungle SDK boa setRepeaterSsid stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-45215. Summary: A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle...
Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1892: Realtek rtl819x Jungle SDK boa set_RadvdPrefixParam stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-47856. Summary: A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1895: Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities. July 8, 2024. CVE Numbers: CVE-2023-50243, CVE-2023-50244. Summary: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1877: Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-45742. Summary: An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK...
LevelOne WBR-6013 Security Vulnerability
The LevelOne WBR-6013 is a wireless router from LevelOne. Version RER4Av3411b2T2RLEV09170623 of the LevelOne WBR-6013 contains a security vulnerability that stems from a hard-coded password in the telnetd function and can lead to arbitrary command execution via specially crafted...
LevelOne WBR-6013 telnetd hard-coded password vulnerability
Talos Vulnerability Report TALOS-2023-1871: LevelOne WBR-6013 telnetd hard-coded password vulnerability. July 8, 2024. CVE Number: CVE-2023-46685. Summary: A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted...
Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1878: Realtek rtl819x Jungle SDK boa rollback_control_code stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-49595. Summary: A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x...