7 matches found
CVE-2018-4031
CVE-2018-4031 affects CUJO Smart Firewall firmware 7003. The safe-browsing component abuses Lunatik (kernel Lua) by injecting unsanitized Host header data into a Lua statement, enabling arbitrary code execution in the kernel. Exploitation can occur via crafted HTTP/HTTPS requests containing a mal...
CVE-2018-3969
CVE-2018-3969 affects the CUJO Smart Firewall and describes a verified-boot bypass via embedding shell commands in /config/dhcpd.conf. Cisco Talos reports that an attacker who can write to /config/dhcpd.conf can cause the DHCP server to execute commands at boot, persisting across reboots and firm...
CVE-2018-4003
The CVE-2018-4003 issue affects CUJO Smart Firewall (firmware 7003) in the mdnscap mDNS parser. A heap-based buffer overflow occurs when parsing string lengths in mDNS resource records, allowing an unauthenticated remote attacker to trigger arbitrary code execution in the mdnscap process; exploit...
CVE-2018-4011
CUJO Smart Firewall mdnscap (firmware 7003) is affected by CVE-2018-4011: an integer underflow in SRV RDATA parsing during mDNS DNS RR processing leads to out-of-bounds heap access and a crash of the mdnscap process. The flaw arises when rdlength is small (e.g., 0x05) and the code subtracts 6 wit...
CVE-2018-3963
The CVE-2018-3963 issue affects the CUJO Smart Firewall: the DHCP daemon’s static-hostname handling inserts the hostname into dhcpd.conf without sanitization, enabling arbitrary command execution as root when a static DHCP entry is configured. The vulnerability can be triggered by a DHCP request ...
CVE-2018-3985
CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...
CVE-2018-4030
CVE-2018-4030 describes a vulnerability in the CUJO Smart Firewall (firmware 7003) where the safe-browsing HTTP/HTTPS host header is parsed incorrectly. The host value extracted from captured requests can be manipulated, enabling an attacker to bypass the firewall’s web-reputation checks and reac...