CVE-2018-11820

Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2018-11938

Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

Sue Gordon: Silicon Valley Should Work With the Government

In an expansive on-the-record interview with WIRED, the principal deputy director of national intelligence made her pitch for public-private partnerships...

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day...

Defending Elections from Foreign Adversaries: Election Buster

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee DNC IT services company, and foreign adversaries...

CVE-2018-5797

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smintencrypt Hardcoded AES Key that can be used for packet decryption obtaining cleartext credentials by an attacker who has access to a wired port...

CVE-2018-5797

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smintencrypt Hardcoded AES Key that can be used for packet decryption obtaining cleartext credentials by an attacker who has access to a wired port...

Hardcoded credentials

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smintencrypt Hardcoded AES Key that can be used for packet decryption obtaining cleartext credentials by an attacker who has access to a wired port...

wired.com XSS vulnerability

Open Bug Bounty ID: OBB-551543 Description| Value ---|--- Affected Website:| wired.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on...

wired-destinations.com XSS vulnerability

Open Bug Bounty ID: OBB-543619 Description| Value ---|--- Affected Website:| wired-destinations.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

VulnCheck KEV: CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...

Design/Logic Flaw

DISPUTED HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but mor...

CVE-2017-14953

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an...

CVE-2017-14953

CVE-2017-14953 affects Hikvision Wi‑Fi IP cameras (example: DS-2CD2432F-IW) used in wired configurations. The vulnerability arises from a default unencrypted, unauthenticated SSID (e.g., “davinci”) enabling physically proximate attackers to force association with an arbitrary access point, potent...

HikVision Wi-Fi IP Camera Wireless Access Point State

Hikvision Wi-Fi IP Cameras associate to a default unencrypted rogue SSIDs in a wired configuration Full disclosure Nov 27, 2017 Synopsis: --- HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version,...

Android Qualcomm Wired connectivity elevation of privilege vulnerability

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA. connectivity is a wired connectivity component developed by Qualcomm Incorporated. An elevation of privilege...

Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability(CVE-2017-2915)

Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...

RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password) Vulnerability

Exploit for hardware platform in category web applications /...

The NSA Confirms It: Russia Hacked French Election ‘Infrastructure’

NSA Director Michael Rogers provides the first US government confirmation that Russia successfully compromised elements of the French election. The post The NSA Confirms It: Russia Hacked French Election ‘Infrastructure’ appeared first on WIRED...

A New Way to Securely Send Information to WIRED

Announcing WIRED's new installation of SecureDrop, a better way to securely send us sensitive tips and leaks. The post A New Way to Securely Send Information to WIRED appeared first on WIRED...