Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance 100

Surveillance Hacking Firmware Manufacturing 100

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 98

Firmware Authentication Software Hacking 98

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. SecurityAffairs – hacking, Dahua cameras).

Authentication 136

Authentication Firmware Hacking Engineering 136

Security Affairs

OCTOBER 4, 2023

.” The three critical issues fixed by the chipmaker are: Public ID Security Rating CVSS Rating Technology Area Date Reported CVE-2023-24855 Critical Critical (CVSS Score 9.8) WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. CVE-2023-28540 : Improper Authentication in Data Modem.

Firmware 109

Firmware Surveillance Authentication Manufacturing 109

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware 96

Firmware Firewall Authentication VPN 96

Security Affairs

JANUARY 22, 2021

The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses. Experts also published a video PoC of the KindleDRIP exploit chain on a new Kindle 10 running firmware version 5.13.2. Pierluigi Paganini.

Hacking 138

Hacking Authentication Firmware Phishing 138

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 135

Firmware Authentication Hacking Software 135

Security Affairs

SEPTEMBER 6, 2021

Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. GC108PP fixed in firmware version 1.0.8.2

Firmware 113

Firmware Authentication Passwords Hacking 113

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 96

Firmware Authentication Passwords Hacking 96

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware 125

Firmware Wireless Advertising Authentication 125

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware 94

Firmware Education Media Authentication 94

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware 137

Firmware Spyware Surveillance Hacking 137

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable. .

Firmware 132

Firmware Encryption Authentication Passwords 132

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 96

Authentication Firmware Hacking Passwords 96

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 143

IoT Firmware Authentication Wireless 143

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking 91

Hacking Firmware Media Authentication 91

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware 110

Firmware Ransomware Passwords Mobile 110

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. SecurityAffairs – hacking, Zyxel). The CVE-2022-34747 (CVSS score: 9.8) 11)C0 and earlier V5.21(AAZF.12)C0

Firewall 93

Firewall Firmware Authentication VPN 93

Security Affairs

MARCH 9, 2022

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. SecurityAffairs – hacking, IoT).

Firmware 98

Firmware IoT Authentication Backups 98

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware 97

Firmware Penetration Testing Manufacturing Authentication 97

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0. .

Firmware 138

Firmware Technology Advertising Authentication 138

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. SecurityAffairs – hacking, Zyxel). Follow me on Twitter: @securityaffairs and Facebook.

VPN 120

VPN Firewall Firmware Authentication 120

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 100

Passwords Hacking Wireless Authentication 100

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 118

Firmware Wireless Passwords Internet 118

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware 139

Firmware Authentication Passwords Manufacturing 139

Security Affairs

AUGUST 1, 2023

Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access. Keep the printer’s firmware and software up to date and disable unnecessary services or protocols on the printer that are not required for its intended function.

Wireless 98

Wireless Firmware Passwords Authentication 98

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. SecurityAffairs – hacking, Medtronic). ” states the advisory. ” states the advisory. . Pierluigi Paganini.

Firmware 109

Firmware Authentication Mobile IoT 109

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. SecurityAffairs – hacking, IP cameras). IP cameras exposed, with US in the lead</strong> appeared first on Security Affairs.

Surveillance 137

Surveillance Manufacturing Passwords Internet 137

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

DECEMBER 12, 2020

“Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” ” reads the security advisory published by CISA. Update the firmware on CompactRIO controllers to v8.5 Pierluigi Paganini.

Firmware 97

Firmware Manufacturing Software Authentication 97

Security Affairs

OCTOBER 9, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 387 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches 96

Data breaches Firmware Ransomware Hacking 96

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. Pierluigi Paganini.

Firmware 96

Firmware Wireless Authentication Advertising 96

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking 48

Hacking Firmware Advertising DDOS 48

Security Affairs

JULY 1, 2020

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Authentication is not required to exploit this vulnerability.”

Authentication 138

Authentication Firmware Hacking Mobile 138

Security Affairs

SEPTEMBER 2, 2021

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm. Crashes generally trigger a fatal assertion, segmentation faults due to a buffer or heap overflow within the SoC firmware.

Firmware 99

Firmware Manufacturing IoT Technology 99

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security 128

Network Security Authentication Firmware Passwords 128