Security Affairs

OCTOBER 4, 2023

Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.”

Firmware 100

Firmware Surveillance Authentication Manufacturing 100

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 93

Firmware Authentication Software Hacking 93

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. Vendor supplies information.

Firmware 125

Firmware Encryption Authentication Passwords 125

Security Affairs

MAY 11, 2023

. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” ” The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94 The remaining ones are authentication bypass and command injection flaws. for the RAX30 router family. We are in the final!

Hacking 95

Hacking Firmware Authentication DNS 95

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The malicious build interferes with the authentication in sshd through systemd.

Firmware 119

Firmware Authentication Engineering Hacking 119

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware 89

Firmware Firewall Authentication VPN 89

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware 119

Firmware Wireless Passwords Internet 119

Security Affairs

AUGUST 1, 2023

Canon warns that sensitive information on the Wi-Fi connection settings stored in the memories of home and office/large format inkjet printers may not be deleted by the usual initialization process. Set up strong authentication mechanisms, such as complex passwords or use multi-factor authentication (MFA) for printer access.

Wireless 94

Wireless Firmware Passwords Authentication 94

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 143

IoT Firmware Authentication Wireless 143

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. The post Zyxel addressed a critical RCE flaw in its NAS devices appeared first on Security Affairs. 9)C0 NAS542 V5.21(ABAG.8)C0

Firewall 83

Firewall Firmware Authentication VPN 83

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 127

Authentication Firmware Hacking Engineering 127

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

Firmware 115

Firmware Wireless Advertising Authentication 115

Security Affairs

JUNE 12, 2022

By using the manufacturer’s built-in ports, we were able to manipulate on-board components and interact with the device.Combining both known and novel techniques, we were able to achieve root access to the device’s operating system and pull its firmware for emulation and vulnerability discovery.” Overall 4.8. Overall 4.8.

Firmware 87

Firmware Penetration Testing Manufacturing Authentication 87

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware 85

Firmware Education Media Authentication 85

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 142

Firmware Architecture Malware Hacking 142

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware 111

Firmware Ransomware Passwords Mobile 111

Security Affairs

APRIL 25, 2021

. “The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. ” states the report published by Eye security.

Firmware 112

Firmware Passwords Authentication Wireless 112

Security Affairs

JANUARY 3, 2020

Experts disclosed PoC exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. ”” D-Link, was informed about the flaw by a third-party company in mid-October, but its initial security advisory only identified the DIR-859 router family as being vulnerable.

Advertising 62

Advertising Firmware VPN Authentication 62

Security Affairs

MARCH 7, 2020

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” x, SPS_E3_05.00.04.027.0.

Firmware 128

Firmware Technology Advertising Authentication 128

Security Affairs

AUGUST 13, 2023

This platform serves as an integrated hub of information and control for all interconnected devices. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5) CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2)

Hacking 86

Hacking Firmware Authentication Software 86

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated.

Firmware 92

Firmware IoT Authentication Backups 92

Security Affairs

JULY 11, 2019

The vulnerability could be exploited by an attacker with access to the system running the tool to escalate privileges, obtain information, or trigger a denial-of-service ( DoS ) condition. ” reads the security advisory. ” reads the security advisory. ” reads the analysis published by Intel.

Firmware 79

Firmware Advertising Authentication Hacking 79

SiteLock

AUGUST 27, 2021

Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices.

Small Business 98

Small Business Artificial Intelligence Firmware IoT 98

Security Affairs

AUGUST 27, 2021

This information is being shared as part of a coordinated disclosure with ICS-CERT, which published advisory ICSA-21-238-02 , and with the vendor, Annke, which has released firmware that fixes the issue.” ” reads the security advisory published by Nozomi Networks Labs. The mainboard of the Annke N48PBB.

Surveillance 100

Surveillance Hacking Firmware Manufacturing 100

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware 102

Firmware Authentication Mobile IoT 102

Security Affairs

JULY 25, 2020

Unfortunately, some of the impacted models have reached their End-of-Support (“EOS”)/ End-of-Life (“EOL”) date, which means they wouldn’t receive security updates to fix the issues. B09 (and below) will receive no security updates remaining vulnerable.

Firmware 101

Firmware Advertising Authentication Hacking 101

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. ” explained Vladimir Kononovich, Senior Specialist of ICS Security at Positive Technologies. Both issues received a CVSSv3.0 score of 6.8.

Hacking 116

Hacking Firmware Encryption Manufacturing 116

Security Affairs

JUNE 24, 2021

The threat actors are targeting the USG, ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Upon accessing the devices, attackers then bypass authentication and establish SSL VPN tunnels with unknown user accounts (i.e. The company states that devices running the Nebula cloud management mode are not impacted.

VPN 111

VPN Firewall Firmware Authentication 111

Security Affairs

OCTOBER 5, 2020

The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. The firmware malware is based on code associated with HackingTeam’s VectorEDK bootkit, with minor changes. ” concludes the report.

Firmware 127

Firmware Spyware Surveillance Hacking 127

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication 88

Authentication Firmware Hacking Passwords 88

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware 129

Firmware Authentication Passwords Manufacturing 129

Security Affairs

SEPTEMBER 29, 2021

The agencies published an Information Sheet that provided recommendations on the criteria to adopt to select a remote access VPN service and instructions on how to harden the VPN to prevent their compromise. It is important to use multi-factor authentication. ” states the joint announcement published by the US agencies.

VPN 127

VPN Government Firmware Authentication 127

Security Affairs

MARCH 3, 2023

library could potentially lead to information disclosure or privilege escalation. that could potentially lead to information disclosure or privilege escalation. “An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing access to sensitive data.

Firmware 97

Firmware IoT Authentication Hacking 97

Security Affairs

DECEMBER 14, 2022

While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies. It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.

Surveillance 129

Surveillance Manufacturing Passwords Internet 129

Security Affairs

DECEMBER 12, 2020

“Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” ” reads the security advisory published by CISA. Update the firmware on CompactRIO controllers to v8.5

Firmware 87

Firmware Manufacturing Software Authentication 87

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 129

Ransomware Firmware Antivirus Accountability 129

SecureList

FEBRUARY 27, 2024

However, we decided not to update the toy immediately in order to explore what could be extracted from the older firmware version. This information is delivered in plaintext via the HTTP protocol, making it vulnerable to interception by network traffic analysis software, as we observed while examining early network traffic.

Education 84

Education Manufacturing Firmware Internet 84