Lucene search
K
GetcujoSmart Firewall

7 matches found

CVE
CVE
added 2019/10/31 8:29 p.m.109 views

CVE-2018-4031

CVE-2018-4031 affects CUJO Smart Firewall firmware 7003. The safe-browsing component abuses Lunatik (kernel Lua) by injecting unsanitized Host header data into a Lua statement, enabling arbitrary code execution in the kernel. Exploitation can occur via crafted HTTP/HTTPS requests containing a mal...

10CVSS9.3AI score0.02669EPSS
CVE
CVE
added 2019/03/21 3:26 p.m.67 views

CVE-2018-3969

CVE-2018-3969 affects the CUJO Smart Firewall and describes a verified-boot bypass via embedding shell commands in /config/dhcpd.conf. Cisco Talos reports that an attacker who can write to /config/dhcpd.conf can cause the DHCP server to execute commands at boot, persisting across reboots and firm...

8.2CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2019/03/21 3:5 p.m.57 views

CVE-2018-4003

The CVE-2018-4003 issue affects CUJO Smart Firewall (firmware 7003) in the mdnscap mDNS parser. A heap-based buffer overflow occurs when parsing string lengths in mDNS resource records, allowing an unauthenticated remote attacker to trigger arbitrary code execution in the mdnscap process; exploit...

9.8CVSS9.8AI score0.01829EPSS
CVE
CVE
added 2019/03/21 3:42 p.m.57 views

CVE-2018-4011

CUJO Smart Firewall mdnscap (firmware 7003) is affected by CVE-2018-4011: an integer underflow in SRV RDATA parsing during mDNS DNS RR processing leads to out-of-bounds heap access and a crash of the mdnscap process. The flaw arises when rdlength is small (e.g., 0x05) and the code subtracts 6 wit...

7.5CVSS7.5AI score0.01323EPSS
CVE
CVE
added 2019/03/21 3:52 p.m.56 views

CVE-2018-3963

The CVE-2018-3963 issue affects the CUJO Smart Firewall: the DHCP daemon’s static-hostname handling inserts the hostname into dhcpd.conf without sanitization, enabling arbitrary command execution as root when a static DHCP entry is configured. The vulnerability can be triggered by a DHCP request ...

9CVSS8.1AI score0.02612EPSS
CVE
CVE
added 2019/03/21 3:30 p.m.54 views

CVE-2018-3985

CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...

9.8CVSS9.7AI score0.01857EPSS
CVE
CVE
added 2019/03/21 3:46 p.m.54 views

CVE-2018-4030

CVE-2018-4030 describes a vulnerability in the CUJO Smart Firewall (firmware 7003) where the safe-browsing HTTP/HTTPS host header is parsed incorrectly. The host value extracted from captured requests can be manipulated, enabling an attacker to bypass the firewall’s web-reputation checks and reac...

7.5CVSS6.3AI score0.01168EPSS