Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1378 Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_SERVER_LIST_REQUEST out-of-bounds write vulnerability November 29, 2021 CVE Number CVE-2021-21950, CVE-2021-21951 SUMMARY An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST...
Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1379 Anker Eufy Homebase 2 home_security CMD_DEVICE_GET_RSA_KEY_REQUEST authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21952 SUMMARY An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the...
Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1382 Anker Eufy Homebase 2 home_security get_aes_key_info_by_packetid authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21955 SUMMARY An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid function of the home_security...
Anker Eufy Homebase 2 home_security process_msg() authentication bypass vulnerability
Talos Vulnerability Report TALOS-2021-1380 Anker Eufy Homebase 2 home_security process_msg authentication bypass vulnerability November 29, 2021 CVE Number CVE-2021-21953 SUMMARY An authentication bypass vulnerability exists in the process_msg function of the home_security binary of Anker Eufy Homeba...
Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability
Talos Vulnerability Report TALOS-2021-1381 Anker Eufy Homebase 2 home_security wifi_country_code_update command execution vulnerability November 29, 2021 CVE Number CVE-2021-21954 SUMMARY A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of...
Advantech R-SeeNet installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'device_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘device_list’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘company_list’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'user_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘user_list’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities with the administrativ...
Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'group_list' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as...
CloudLinux Inc Imunify360 Ai-Bolit php unserialize vulnerability
Summary A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.8 and 5.9. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions...
LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1350 LibreCad libdxfrw dwgCompressor::copyCompBytes21 heap-based buffer overflow vulnerability November 17, 2021 CVE Number CVE-2021-21899 SUMMARY A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw...
LibreCad libdxfrw dwgCompressor::decompress18() out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2021-1349 LibreCad libdxfrw dwgCompressor::decompress18 out-of-bounds write vulnerability November 17, 2021 CVE Number CVE-2021-21898 SUMMARY A code execution vulnerability exists in the dwgCompressor::decompress18 functionality of LibreCad libdxfrw...
LibreCad libdxfrw dxfRW::processLType() use-after-free vulnerability
Talos Vulnerability Report TALOS-2021-1351 LibreCad libdxfrw dxfRW::processLType use-after-free vulnerability November 17, 2021 CVE Number CVE-2021-21900 SUMMARY A code execution vulnerability exists in the dxfRW::processLType functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A...
Google Chrome WebRTC addIceCandidate use after free vulnerability
Summary A use after free vulnerability exists in the WebRTC functionality of Google Chrome 91.0.4472.114 Stable and 93.0.4575.0 Canary. A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution. Victim would need to visit a malicious...
Lantronix PremierWave 2050 Web Manager FsBrowseClean directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager Applications and FsBrowse local file inclusion vulnerability
Summary A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to...
Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4. Specially-crafted HTTP requests can lead to arbitrary command execution. An attacker can make authenticated HTTP requests to trigger these vulnerabilities...
Lantronix PremierWave 2050 Web Manager Ping stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager SSL Credential Upload OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager SSL Credential Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
Lantronix PremierWave 2050 Web Manager FsCopyFile directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability
Talos Vulnerability Report TALOS-2021-1332 Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability November 15, 2021 CVE Number CVE-2021-21888 Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of...
Lantronix PremierWave 2050 Web Manager FsBrowseClean stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...
Lantronix PremierWave 2050 Web Manager FSBrowsePage directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager SslGenerateCSR stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsUnmount stack-based buffer overflow vulnerability
Summary A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsMove directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions...
Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
Summary A signature check bypass vulnerability exists in the Security Monitor SMSyscallStageBaseManifests image validation functionality of Microsoft Azure Sphere 21.01. A specially crafted manifest can lead to a firmware downgrade. An attacker can use syscalls to trigger this vulnerability. Test...
Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1339 Microsoft Azure Sphere Kernel GPIO_SET_PIN_CONFIG_IOCTL information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIO_SET_PIN_CONFIG_IOCTL functionality of Microsoft Azure Sphere 21.06. A...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging stage-without-manifest denial of service vulnerability
Summary A denial of service vulnerability exists in the Security Monitor SMSyscallCommitImageStaging stage-without-manifest functionality of Microsoft Azure Sphere 21.01. A specially crafted image package can lead to boot looping, requiring manual recovery. An attacker can flash a malicious image...
Microsoft Azure Sphere Kernel GPIO_GET_PIN_ACCESS_CONTROL_USER information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1340 Microsoft Azure Sphere Kernel GPIO_GET_PIN_ACCESS_CONTROL_USER information disclosure vulnerability November 9, 2021 CVE Number None SUMMARY An information disclosure vulnerability exists in the GPIO_GET_PIN_ACCESS_CONTROL_USER functionality of Microsoft Azure...
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the Security Monitor SMSyscallStageBaseManifests offset calculation of Microsoft Azure Sphere 21.01. A specially crafted manifest could lead to information disclosure. An attacker can use syscalls to trigger this vulnerability. Tested Versions...
Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability
Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...
Microsoft Azure Sphere Security Monitor SMSyscallCommitImageStaging 1BL firmware downgrade vulnerability
Summary A firmware downgrade vulnerability exists in the Security Monitor SMSyscallCommitImageStaging 1BL functionality of Microsoft Azure Sphere 21.01. A specially-crafted set of Secmon syscalls can lead to downgrading the version of the 1BL firmware. An attacker can use syscalls to trigger this...
Gerbv drill format T-code tool number out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...
ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow and lead to remote code execution. An attacker needs to provide a URL to the...
ZTE MF971R ADB_MODE_SWITCH stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow which can lead to remote code execution. An attacker needs to provide a URL to...
ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...
ZTE MF971R goform_get_cmd_process Config Control External config control vulnerability
Summary An exploitable Pre-Auth Configuration File Control vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a configuration file entry overwrite. An attacker needs to provide a URL to the victim to trigger the...
ZTE MF971R HTTP_HOST CRLF Injection vulnerability
Summary An exploitable CRLF injection vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a CRLF injection. An attacker needs to provide a URL to the victim to trigger the vulnerability. Tested Versions ZTE...
ZTE MF971R xmlclient cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting XSS vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker...
ZTE MF971R Referer authentication bypass vulnerability
Summary An exploitable Referer mitigation bypass vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can bypass Referer-based mitigation. An attacker needs to provide a URL to the victim to trigger the vulnerability. Teste...
Nitro Pro PDF JavaScript local_file_path Object use-after-free vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to co...