CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.

This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.



**CleverTap Cordova Plugin**

  

**👋 Introduction**

The CleverTap Cordova Plugin for Mobile Customer Engagement and Analytics solutions.

For more information check out our website and documentation.

To get started, sign up here.

**✅ Supported Versions**

*   CleverTap Android SDK version 4.6.6
*   CleverTap iOS SDK version 4.2.2

**🚀 Installation and Quick Start**

To install CleverTap for Cordova, follow the steps mentioned below:

When you create your CleverTap account, you will also get a -Test account. Use the -Test account for development and the main account for production.

**Install the Plugin**

Grab the Account ID and Token values from your CleverTap Dashboard -> Settings.

**For Android _Important_**

Starting with v2.0.0, the plugin uses FCM rather than GCM. To configure FCM, add your google-services.json to the root of your cordova project **before you add the plugin**.  
The plugin uses an after plugin add hook script to configure your project for FCM.  
If the google-services.json file is not present in your project when the script runs, FCM will not be configured properly and will not work.

**Using Cordova**

# ensure npm is installed: npm -g install npm
cordova plugin add https://github.com/CleverTap/clevertap-cordova.git --variable CLEVERTAP\_ACCOUNT\_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP\_TOKEN="YOUR CELVERTAP ACCOUNT TOKEN"

**Using Ionic**

ionic cordova plugin add clevertap-cordova@latest --variable CLEVERTAP\_ACCOUNT\_ID="YOUR CLEVERTAP ACCOUNT ID" --variable CLEVERTAP\_TOKEN="YOUR CELVERTAP ACCOUNT TOKEN"

**For Ionic 5**

npm install @ionic-native/clevertap --save 

*   Be sure to add CleverTap as a provider in your app module.

  constructor(platform: Platform, statusBar: StatusBar, splashScreen: SplashScreen, clevertap: CleverTap) {
    platform.ready().then(() \=> {
      // Okay, so the platform is ready and our plugins are available.
      // Here you can do any higher level native things you might need.
      statusBar.styleDefault();
      splashScreen.hide();

      ...
      clevertap.setDebugLevel(2);
      clevertap.getCleverTapID()((id) \=> {console.log(id)});
      ...
    });
  }
}

**🛠 Integration**

See our Technical Documentation for Android and Technical Documentation for iOS for instructions on integrating CleverTap into your app.

**📑 Documentation & Example**

*   See our CleverTap Plugin Usage Documentation
    
*   See the included Example Cordova project for usage.
    
*   See the included Ionic Example project for usage.
    

**⁉️ Questions?**

If you have questions or concerns, you can reach out to the CleverTap support team from the CleverTap Dashboard.

**TroubleShooting Guide:** Please refer here if you are facing common integration issues.

CVE-2023-2507: GitHub - CleverTap/clevertap-cordova: CleverTap Cordova Plugin

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.

Hello,

The controller was missing CSRF protection. This fix uses per-session tokens that are send with each POST request to the controller.

For this, I backported the Security.php from a newer Kohana, since an update of the entire Framework seemed counterproductive for this particular fix.

I'm not super fluent in PHP and therefore decided on a guard clause pattern, hope that's OK. Let me know if I should adjust anything.

Regards  
Markus

CVE-2023-38349: Add CSRF Token to Template View and AJAX Controller by martialblog · Pull Request #17 · pnp4nagios/pnp4nagios

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.

Hi,

the AJAX controller allows for stored cross site scripting due to missing input validation.

Before this fix you could send and store arbitrary characters via the basket API and filters

Examples:

*   item="><svg/onclick=alert('foobar')> in add/basket
*   sfilters="><svg/onclick=alert('foobar')>

curl 'http://localhost:8080/pnp4nagios//ajax/basket/add' --compressed -X POST 
-H 'Accept: \*/\*' -H 'Accept-Language: en-US,en;q=0.5' 
-H 'Accept-Encoding: gzip, deflate, br' 
-H 'Referer: http://localhost:8080/pnp4nagios/graph?host=.pnp-internal&srv=runtime' 
-H 'Origin: http://localhost:8080' 
-H 'Connection: keep-alive' 
-H 'Sec-Fetch-Site: same-origin' 
-H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' 
-H 'X-Requested-With: XMLHttpRequest'
-H 'Pragma: no-cache' 
-H 'Cache-Control: no-cache' --data-raw $'item="><svg/onclick=alert(\\'foobar\\')>'

CVE-2023-38350: Fix XSS in AJAX controller for basket by martialblog · Pull Request #16 · pnp4nagios/pnp4nagios

Microsoft Edge for iOS Spoofing Vulnerability

CVE-2023-36883

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords being added to the database in plaintext format.
"A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them," UpdraftPlus, the maintainers of AIOS,

Password Security / WordPress

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords being added to the database in plaintext format.

"A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them," UpdraftPlus, the maintainers of AIOS, said.

"This would be a problem if those site administrators were to try out those passwords on other services where your users might have used the same password. If those other services' logins are not protected by two-factor authentication, this could be a risk to the affected website."

The issue surfaced nearly three weeks ago when a user of the plugin reported the behavior, stating they were "absolutely shocked that a security plugin is making such a basic security 101 error."

AIOS also noted that the updates remove the existing logged data from the database, but emphasized successful exploitation requires a threat actor to have already compromised a WordPress site by other means and have administrative privileges, or gained unauthorized access to unencrypted site backups.

"As such, the opportunity for someone to gain privileges that they did not already have, are small," the company said. "The patched version stops passwords from being logged, and clears all previous saved passwords."

As a precaution, it's recommended that users enable two-factor authentication on WordPress and change the passwords, particularly if the same credential combinations have been used on other sites.

The disclosure comes as Wordfence revealed a critical flaw impacting WPEverest's User Registration plugin (CVE-2023-3342, CVSS score: 9.9) that has over 60,000 active installations. The vulnerability has been addressed in version 3.0.2.1.

"This vulnerability makes it possible for an authenticated attacker with minimal permissions, such as a subscriber, to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server," Wordfence researcher István Márton said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

**Summary**

**Product**

Razer CentralService

**Vendor**

Razer

**Severity**

High - Adversaries may exploit software vulnerabilities to obtain privilege escalation.

**Affected Versions**

Razer Central 7.11.0.558 and below

**Tested Versions**

Razer Central 7.8.0.381 to 7.11.0.558

**CVE Identifier**

CVE-2023-3513

**CVSS3.1 Scoring System**

**Base Score:** 7.8 (High) **Vector String:** CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

**Metric**

**Value**

**Attack Vector (AV)**

Local

**Attack Complexity (AC)**

Low

**Privileges Required (PR)**

low

**User Interaction (UI)**

None

**Scope (S)**

Unchanged

**Confidentiality (C)**

High

**Integrity (I)**

High

**Availability (A)**

High

**Product Overview**

Razer Synapse 3 is a software suite developed by Razer, a leading gaming hardware manufacturer. It serves as a centralized hub for customizing and optimizing Razer peripherals, including keyboards, mice, headsets, and other gaming accessories. With its intuitive user interface, Synapse 3 allows gamers to personalize their devices by creating unique profiles, assigning macros, and fine-tuning settings such as lighting effects and DPI sensitivity. This software provides seamless integration with cloud storage, enabling users to access their personalized configurations from anywhere. With its advanced features and extensive compatibility, Razer Synapse 3 empowers gamers to enhance their gaming experience and gain a competitive edge.

**Description of the vulnerability**

One of these services is called RazerCentralService.exe, which acts as a central service for managing user information and notifications. Other applications can communicate with this service through a named pipe. However, there is a bug in RazerCentralService.exe that allows a user with low privileges to execute code as a system on a machine with RazerCentralService installed.

While analyzing Razer software, we found that a file called RazerCentralService.exe``, which runs under the SYSTEM\`\` account, tries to access a non-existent file located at the following path:

    'C:\\ProgramData\\Razer\\Razer Central\\Accounts\\' + dirname +'\\Razer Central\\ConnectedAccounts\\ConnectedAccounts.bin'
    

The dirname variable represents a folder that begins with the prefix RZR_ followed by a series of hexadecimal characters. This folder is automatically generated once the user successfully logs into the system. Furthermore, we also verified the permissions assigned to the Razer Central folder.

    s:\windows\razer>icacls "C:\ProgramData\Razer\Razer Central\Accounts\RZR_xxxxxxxxxxxxxxxxxxxx\Razer Central"
    C:\ProgramData\Razer\Razer Central\Accounts\RZR_xxxxxxxxxxxxxxxxxxxx\Razer Central NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                                                               BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                                                               CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                                                                               BUILTIN\Users:(I)(OI)(CI)(RX)
                                                                                               BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)
    
    Successfully processed 1 files; Failed processing 0 files
    

Within this directory, we possess the flexibility to incorporate files or folders. Additionally, we hold the capability to substitute the ConnectedAccounts\ConnectedAccounts.bin file with our personalized iteration. This particular binary file is safeguarded through encryption, utilizing the AES-CBC algorithm. Notably, it employs a hardcoded key that conveniently facilitates both encryption and decryption operations.

    def decrypt_ConnectedAccounts():
    	iv = "RZR_0280d8694a5582614c434074453e"[:16].encode('utf-8')
    	key = base64.b64decode("11Ir9bXYlDOU0xiKQszUlZ2N57TNS/GCAyLnZfj6Ibo=")
    	print (len(key)*8)
    	ciphertext = open(r"C:\ProgramData\Razer\Razer Central\Accounts\RZR_0280d8694a5582614c434074453e\Razer Central\ConnectedAccounts\ConnectedAccounts.bin", 'rb').read()
    	print ('===========')
    	cipher = AES.new(key, AES.MODE_CBC, iv)
    	plaintext = cipher.decrypt(ciphertext)
    	print (plaintext)
    	print ('================')
    

The code snippet below demonstrates the execution of a specific piece of code when the ConnectedAccounts.bin file undergoes deserialization using a binary formatter. This code is located within the AccountManager.dll module, which is loaded by the RazerCentralService.exe process.

    		private void Load()
    		{
    			try
    			{
    				SettingReadResult setting = this.m_settingsController.GetSetting("Razer Central", "ConnectedAccounts", "ConnectedAccounts.bin", SettingSource.Local, SettingSource.Undefined);
    				if (!setting.Success)
    				{
    					if (setting.ResultLocal == LoadResult.Failed_DataNotFound)
    					{
    						ConnectedAccountsManager.Logger.Info("No connected account credentials found.");
    					}
    					else
    					{
    						ConnectedAccountsManager.Logger.Error("Failed to load connected account credentials: " + setting.ResultLocal);
    					}
    				}
    				else
    				{
    					using (MemoryStream memoryStream = new MemoryStream(setting.Setting.Value))
    					{
    						Aes aes = Aes.Create();
    						aes.BlockSize = 128;
    						aes.KeySize = 256;
    						aes.Key = Convert.FromBase64String(ConnectedAccountsManager.m_keyString);
    						aes.IV = this.IV;
    						using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Read))
    						{
    							BinaryFormatter binaryFormatter = new BinaryFormatter();
    							this.m_credentials = (Dictionary<ConnectedAccount, ConnectedAccountCredentials>)binaryFormatter.Deserialize(cryptoStream);
    						}
    					}
    				}
    			}
    			catch (Exception exception)
    			{
    				ConnectedAccountsManager.Logger.Error("Exception loading connected account credentials", exception);
    				this.m_credentials = new Dictionary<ConnectedAccount, ConnectedAccountCredentials>();
    				this.Save();
    			}
    		}
    

By leveraging the power of ysoserial.net, we gain the ability to execute code with elevated privileges as the SYSTEM user. This process of deserialization occurs in two scenarios: when a user logs in or when the machine restarts. Moreover, we can also initiate the deserialization process by utilizing a named pipe. Notably, the RazerCentralService.exe grants read/write access to its pipe for all users.

    pipe_name = r'\\.\pipe\{FC828A97-C116-453D-BD88-AD471496E03C}'
    

Here is a proof of concept (POC) written in Python 2 that you can use to execute notepad.exe as the SYSTEM user. Simply run the POC code provided here

**Reproduction Steps**

For simplicity, follow the following steps to re-produce.

1.  Install the Razer software.
2.  Install Python 2 and the necessary Python modules.
3.  Log in and wait for 3-5 minutes to ensure that the directory at C:\ProgramData\Razer\Razer Central\Accounts exists.
4.  Execute the exploit script using Python 2.

**Conclusion**

Having great power entails having great responsibility. When you operate as the SYSTEM user, you possess substantial power and carry significant responsibilities. Therefore, it is crucial to exercise caution in your actions. Additionally, it is important to understand that relying solely on an encrypted file with a hardcoded key does not guarantee security. To address any potential issues, you can follow the suggested steps outlined below:

*   Avoid using binary formatter for deserialization.
*   Ensure correct permissions are set for your namedpipe.
*   Check your directory permissions.

**Credits**

Phan Thanh Duy (@PTDuy) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

CVE-2023-3513: (CVE-2023-3513) RazerCentralService unsafe deserialization Escalation of Privilege Vulnerability

By Habiba Rashid
Due to privacy concerns, Meta has not yet released the Threads app in EU countries, creating a loophole for criminals to upload fake versions of the app.
This is a post from HackRead.com Read the original post: Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

**Apple has removed the fake THREADS app from the European App Store, ending its top position as the number 1 iOS app until July 11, 2023, when it was reported.**

In a recent development, Apple has **taken down** a fake version of the popular Threads app from its App Store in Europe. The fake app, developed by SocialKit LTD, had been soaring up the charts of the most downloaded apps. However, thanks to the diligent work of cybersecurity firm and iOS developer **Mysk**, the fraudulent app has been exposed and removed, and the developer’s account has been suspended.

Among the apps created by SocialKit LTD that have been removed are ChatGP, SelfMe: Selfie AI Face Editor, and Remove Background Eraser, among others. The fakeThreads app had gained significant traction, particularly in Germany, the Netherlands, and Switzerland, where it had claimed the number one position in the App Store rankings.

Fake app topping in EU countries (Screenshots via Mysk – Twitter)

The original Threads app, launched by Meta as a competitor to Twitter, has garnered more than 100 million downloads worldwide since its release earlier this month. However, the app has yet to be made available in the European Union due to the bloc’s stringent privacy laws.

This absence has created an opportunity for cybercriminals to capitalize on the demand by producing counterfeit apps and employing over 700 phoney domain names in a single day, according to a **report**.

Mysk, in a tweet, highlighted the concerning statistics regarding the genuine app’s absence in the European market. They stated, “Statistically, exactly 0% of iOS users looking for Threads in the EU have downloaded the right app. If app sideloading was possible, the percentage of EU users downloading the right app would certainly be greater than 0%.”

Cybersecurity analyst Veriti warns users, especially those in Europe, to exercise caution when downloading knock-off versions of Threads, as they often serve as conduits for malware or phishing attacks. It is crucial to obtain the app from trusted sources and exercise due diligence at all times.

While the fraudulent Threads app has been removed from the European App Store, similar bogus apps have also been detected on other platforms. Before the official launch of Instagram’s Threads on July 6, several impersonating apps were circulating on the Google Play Store, prompting Google to eventually remove them.

Nevertheless, ChatGPT’s official app for iPhone has **already been released**, while its Android app could soon be available on the Google Play Store.

**RELATED ARTICLES**

1.  Google Deletes Fake BatteryBot Pro Malware App
2.  Scylla Ad Fraud Attack on iOS Users Halted by Apple
3.  Apple removes Clearview AI iPhone app from App Store
4.  Apple removes anti-virus apps from store for “stealing data”
5.  Google removes ClearURLs Chrome extension from app store

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

QR codes have always served as a way for bad actors to spread malware or even your friendly neighborhood prankster to share Rick Astley’s most famous music video.

Thursday, July 13, 2023 14:07

Welcome to this week’s edition of the Threat Source newsletter.

Although we can probably largely consider the COVID-19 pandemic “over,” many relics from the peak of lockdown and concerns over the virus are still around in mid-2023. It’s still impossible to get a doctor’s appointment quickly, but many restaurants have embraced al fresco dining and QR codes are back.

At one point I had totally written off QR codes as of 2010-ish, but now they’re all over restaurant menus, cash registers, tip jars and advertising. This started during the pandemic as a touch-free way of interacting with consumers and seems to be sticking around even though the days of indoor seating capacities are over.

QR codes have always served as a way for bad actors to spread malware or even your friendly neighborhood prankster to share Rick Astley’s most famous music video. But recently I discovered several “novel” ways in which bad guys are trying to capitalize on society’s newfound trust in QR codes.

Two months ago, Bleeping Computer reported on fake parking tickets floating around major U.S. and U.K. cities that had phony QR codes on them designed to trick users into “paying” a parking ticket they didn’t owe. That same week, there were also reports of phony Microsoft Word documents being sent via email to targets that contained QR codes claiming to be from the Chinese Ministry of Finance, thus bypassing traditional email security that usually scan things like links and the body copy in an email itself.

The local CBS station in Tampa Bay, Florida also came across a fake Amazon advertisement in March that claimed to enlist people who received a postcard to test out new products. When opened, the site on the other end of the QR code asked for the target’s personal and contact information.

I figured we’d be past the days of attackers just slapping QR codes onto random things, but I also thought we were done with QR codes altogether three years ago. So this serves as a PSA to not just scan any QR code you see in the wild “just because.”

Or, if you’re unsure about the origins of a QR code, iOS and Android phones will show a snippet of a URL that the QR code is sending the user before you click on it, so it’s important to double-check that the URL is where you intended on heading (ex., amazon.com). Either that or just ask for a paper menu at the restaurant.

**The one big thing**

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. This threat appears to target native Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally, the authors are likely Chinese speakers themselves. If installed, the malicious driver can hijack and spy on web traffic, potentially redirecting it to a source of the attacker’s choosing.

**Why do I care?**

This is a concrete example of a recent trend Talos has been following of threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. We have observed over a dozen code-signing certificates with keys and passwords contained in a PFX file hosted on GitHub used in conjunction with these open-source tools. By forging signatures on kernel-mode drivers, attackers can bypass the certificate policies within Windows.

**So now what?**

Microsoft has blocked all certificates discussed in Talos' blogs posted this week and released an advisory on the matter as part of Patch Tuesday. Talos recommends blocking the certificates mentioned in this blog post, as malicious drivers are difficult to detect heuristically and are most effectively blocked based on file hashes or the certificates used to sign them. Comparing the signature timestamp to the compilation date of a driver can sometimes be an effective means of detecting instances of timestamp forging. Specifically, for RedDriver, there are a series of new Cisco Secure product protections in place to detect and block the malicious driver.

**Top security headlines of the week**

The **list of companies affected by the massive MOVEit mass hack continues to grow,** and now includes international hotel chain Radisson and GPS company TomTom. Clop, the ransomware group behind the attack against the MOVEit data transfer software that eventually led to data breaches at more than 100 organizations, added more companies to its leak site this week. Commercial banks Deutsche Bank and Commerzbank are also among the newest victims, with both companies reportedly having clients’ names and account numbers. The parent company of Radisson also confirmed that a “limited number of guest records” were accessed, though it did not provide an exact number. Clop originally used a zero-day vulnerability that’s since been patched to access MOVEit software instances and then steal certain information from users. One threat analyst at New Zealand anti-virus maker Emsisoft estimated that there are now more than 270 businesses affected across the globe, including 17 million individuals. (Tech Crunch, Bloomberg)

With Meta’s new microblogging platform **Threads taking off, users and privacy advocates are criticizing its privacy and data collection policies.** Meta, which is the parent company behind Facebook and Instagram, launched Threads last week to much fanfare and gained millions of new users in the first few hours of the app’s existence. However, the app has yet to launch in the European Union because it violates several GDPR policies. Threads’ privacy policy states the app has access to GPS location, cameras, photos, IP information, the type of device being used and device signals including “Bluetooth signals, nearby Wi-Fi access points, beacons and cell towers.” In general, Meta seems to collect more personal information on Threads users compared to other platforms, though not necessarily more than Facebook and Instagram, Meta’s other major platforms. (The Guardian, CPO Magazine)

Despite major efforts from international governments and the private sector to combat ransomware, **payments to threat actors are set to hit a new record in 2023.** A new report from blockchain company Chainanalysis reports that ransomware victims have paid adversaries $449.1 million in the first six months of this year, after that number didn’t even hit $500 million in 2022. If this pace continues, 2023 would be the second-most profitable year ever for ransomware groups behind 2021. Security researchers believe the dip in 2022 could be contributed to several factors, including Russia’s invasion of Ukraine disrupting some major APT groups and new decryption software from government agencies and private companies that can return victims’ files for free. Chainanalysis analysts state in the report that big-game hunting is largely contributing to this year’s revenue — in these cases, threat actors target major corporations that likely have the funds to pay large, requested ransom payments. (Wired, Bleeping Computer)

**Can’t get enough Talos?**

*   Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor
*   Hackers target Chinese-speaking Microsoft users with ‘RedDriver’ browser hijacker
*   Gergana Karadzhova-Dangela wants to send the ladder back down to the next generation of incident responders
*   The growth of commercial spyware based intelligence providers without legal or ethical supervision
*   Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild

**Upcoming events where you can find Talos**

**BlackHat** **(Aug. 5 - 10)**

Las Vegas, Nevada

**Grace Hopper Celebration (Sept. 26 - 29)**

Orlando, Florida

> _Caitlin Huey, Susan Paskey and Alexis Merritt present a "Level Up Lab" titled "Don’t Fail Knowledge Checks: Accelerating Incident Response with Threat Intelligence." Participate in several fast-paced activities that emphasize the importance of threat intelligence in security incident investigations. Attendees will act as incident responders investigating a simulated incident that unfolds throughout this session. Periodic checkpoints will include discussions that highlight how incident response and threat intelligence complement each other during an active security investigation._

**Most prevalent malware files from Talos telemetry over the past week**

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
**MD5:** 7bdbd180c081fa63ca94f9c22c457376  
**Typical Filename:** c0dwjdi6a.dll  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.33515991

**SHA 256:** 1c25a55f121d4fe4344914e4d5c89747b838506090717f3fb749852b2d8109b6  
**MD5:** 4c9a8e82a41a41323d941391767f63f7  
**Typical Filename:** !!mreader.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Generic::sheath

**SHA 256:** 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1  
**MD5:** 3e10a74a7613d1cae4b9749d7ec93515  
**Typical Filename:** IMG001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Coinminer::1201

**SHA 256:** e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c  
**MD5:** a087b2e6ec57b08c0d0750c60f96a74c  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Tool.Kmsauto::1201

**SHA 256:** b4d8d7cbec7fe4c24dcb9b38f6036a58b765efda10c42fce7bbe2b2bf79cd53e  
**MD5:** c585f4faee96a0bec3b0f93f37239008  
**Typical Filename:** stream.txt  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Autoit::211461.in02

QR codes are relevant again for everyone from diners to threat actors

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

_5.0 out of 5 stars_ It Works  
Reviewed in the United States on March 10, 2021

I am a long-time user of Wemo, dating back to 2012/2013 when they had some of their first-gen “brick” smart plugs and things worked well. When it came time to buy a new one a few weeks ago, I was shocked to see so many poor reviews. It’s difficult to truly gauge these reviews because in the smart home world, there are an infinite amount of variables that came create good or bad experiences. Mine is as follow and I hope it helps some of you...- My home is 1400 square feet about 5 years old- I have AT&T fiber with almost all smart devices connecting to my 2.4 network (yes, I split up my 2.4 and 5 networks)- This wemo is about 30 feet from my wifi router, with a few objects in the way, but a lot of open space in between- Setup was easy inside of HomeKit, which is specifically why I purchased this unit- I am all HomeKit in the house, so no Alexa or Google Asst.- This wemo smart plug is powering another smart device we don’t want on 24/7, so I automated the wemo to turn on once we leave the home- Thus far, it is working without a single issue- The size is very small, compared to their older models and models of other units, thus, it isn’t an eye sore to look at nor does it cover up the socket below itRecap- ever user experience is totally relative to their smart home setup. So far, I am very happy with this purchase.

**Reviews with images**

*   Sort reviews by
    

**Top reviews from the United States**

**There was a problem filtering reviews right now. Please try again later.**

Reviewed in the United States on March 24, 2021

You would think Away Mode set up would be easy to find and easy to set up . For this reason I've gone back to using the WEMO Smart Plugs exclusively and the newer simple set up WEMO plugs fit the bill. What I like about the WEMO vs the Wyze or Amazon brand is not the hardware so much but the software specifically the Away Mode on the WEMO that allow you to set the time schedule with in the Away Mode. Only want devices coming on between 6-9 pm no problem. You can set which devices you want to have go on and off randomly within this parameter just like you would if you were home. The Wyze doesn't seem to have this Away Mode technology at all and the Amazon branded plugs, to get to the WEMO sophistication, requires the Guard Plus be purchased granted it does a lot more but its also $49/yr for the subscription. I will say the WEMO still has a quirkiness to it even with the simple set up to get the Wifi handshake that sometimes requires multiple resets on some of the devices if you move it from one location to another. I'll put up with this to get the controllability for a vacation mode software that I like to have.

One person found this helpful

Report

Reviewed in the United States on October 26, 2020

I have had WEMO devices essentially since the beginning... and my OLD ones are getting a little creaky. The WEMO "mini" is HUGE now compared to version 3. I got a Version 3 set of 3 plugs and this is the review for those. I agree with the users here that you now have to set up an account with WEMO if you haven't already in order to make them work. At least they don't charge you anything. I use them with Alexa... and Alexa really isn't that user friendly either. The other thing you MUST do is activate Alexa or Home or Google IN the actual WEMO app or the NEW versions of the devices will not work. ALL my devices worked after getting the WEMO Version 3, EXCEPT the version 3. SO I had to Google how to fix it. Luckily there are other miserable people out there who put very clear instructions in the blogs and I followed those and was able to get it to work without having to contact customer service. Adding a WEMO V3 to the app is easier than adding the old devices.

2 people found this helpful

Report

Reviewed in the United States on March 10, 2021

I am a long-time user of Wemo, dating back to 2012/2013 when they had some of their first-gen “brick” smart plugs and things worked well. When it came time to buy a new one a few weeks ago, I was shocked to see so many poor reviews. It’s difficult to truly gauge these reviews because in the smart home world, there are an infinite amount of variables that came create good or bad experiences. Mine is as follow and I hope it helps some of you...

\- My home is 1400 square feet about 5 years old  
\- I have AT&T fiber with almost all smart devices connecting to my 2.4 network (yes, I split up my 2.4 and 5 networks)  
\- This wemo is about 30 feet from my wifi router, with a few objects in the way, but a lot of open space in between  
\- Setup was easy inside of HomeKit, which is specifically why I purchased this unit  
\- I am all HomeKit in the house, so no Alexa or Google Asst.  
\- This wemo smart plug is powering another smart device we don’t want on 24/7, so I automated the wemo to turn on once we leave the home  
\- Thus far, it is working without a single issue  
\- The size is very small, compared to their older models and models of other units, thus, it isn’t an eye sore to look at nor does it cover up the socket below it

Recap- ever user experience is totally relative to their smart home setup. So far, I am very happy with this purchase.

_5.0 out of 5 stars_ It Works  
Reviewed in the United States on March 10, 2021

I am a long-time user of Wemo, dating back to 2012/2013 when they had some of their first-gen “brick” smart plugs and things worked well. When it came time to buy a new one a few weeks ago, I was shocked to see so many poor reviews. It’s difficult to truly gauge these reviews because in the smart home world, there are an infinite amount of variables that came create good or bad experiences. Mine is as follow and I hope it helps some of you...

\- My home is 1400 square feet about 5 years old  
\- I have AT&T fiber with almost all smart devices connecting to my 2.4 network (yes, I split up my 2.4 and 5 networks)  
\- This wemo is about 30 feet from my wifi router, with a few objects in the way, but a lot of open space in between  
\- Setup was easy inside of HomeKit, which is specifically why I purchased this unit  
\- I am all HomeKit in the house, so no Alexa or Google Asst.  
\- This wemo smart plug is powering another smart device we don’t want on 24/7, so I automated the wemo to turn on once we leave the home  
\- Thus far, it is working without a single issue  
\- The size is very small, compared to their older models and models of other units, thus, it isn’t an eye sore to look at nor does it cover up the socket below it

Recap- ever user experience is totally relative to their smart home setup. So far, I am very happy with this purchase.

Images in this review

 

Reviewed in the United States on February 10, 2022

I have been a Wemo user since 2015.

Last week on the 4th, my home experienced a brief power outage. At the time, I was using 5 devices (2 Insights and 3 Mini Smart plugs). When power was restored, the 2 Insights were “Not detected” by the Wemo app and also in the Amazon Alexa app. The Insights appeared to be connected to my WiFi. I unplugged them for a few hours; when I plugged them in again they connected to the network but were not detected in the app.

Prior to the outage, I had deleted a rule and modified another one. After the outage, I also added a new rule. For the next few days, I experienced issues with the changes not being subsequently reflected in the app and also not being used to control the devices.

I installed the app on an Amazon Fire tablet. Once I logged into the app, it showed the rules that I want. So, at this point, the correct rules are showing on the Fire but none of my iOS devices.

After a few days of hoping the “Not detected” devices would reappear, I gave up and ordered a new plug from Amazon. I received the “Simple Setup Smart Outlet” yesterday. It arrived with minimal instructions. First, I attempted to follow the path for “Auto setup with Alexa”. That process failed repeatedly. So, I then installed Apple Home app and was able to get the device configured. I then created the rule that I wanted to associate with the new device using the iOS app.

However, the previous problem with rules persisted. I uninstalled the Apple Home app and the rule inconsistency problem persisted. I remember seeing a message that rules would remain in iCloud after uninstalling the Apple Home app. Even though, the app was gone, the iCloud Home setting was still on. I turned the setting off on all iOS devices. Since then, everything seems okay.

I noticed that “Apple HomeKit” shows in the description for the Wemo that I bought in 2018. I may have installed Apple Home then and decided that I did not want to use and uninstalled. I wonder if that could have caused a one-way pull of Wemo data to iCloud. And, after that the iOS app and the plugs were pulling data from iCloud instead of directly from Wemo’s cloud storage (though it looks like they were all being properly stored in Wemo’s cloud). This would account for the phantom rules.

After spending a few hours doing “Simple Setup”, the appearance in the app across iOS and Fire devices is as desired, devices show correctly in Alexa, and the correct programs are controlling the plugs.

One person found this helpful

Report

**Top reviews from other countries**

_4.0 out of 5 stars_ Funciona muy bien, casi siempre.

Reviewed in Mexico on February 21, 2021

En casa este dispositivo se integra con el ecosistema de HomeKit de Apple. Me costó algo de trabajo configurarlo, no estoy seguro si fue problema del dispositivo o de mis redes wifi que no eran del todo compatible (tuve que resetear varias veces el access point después de hacer cambios al canal y al radio). Ya tengo unas semanas usándolo y generalmente funciona muy bien. Muy de vez en cuando "el dispositivo no responde". Decidí no devolverlo y conservarlo porque, como digo, prácticamente funciona siempre, tal vez con un poco de retraso (aunque Siri inmediatamente me responde que el dispositivo no responde, sí termina encendiéndose o apagándose unos segundos después) y mi access point (un AirPort Express ya viejito) puede contribuir a este comportamiento.

2 people found this helpful

Report

_5.0 out of 5 stars_ Es fácil de usar y configurar

Reviewed in Mexico on December 30, 2022

Es fácil de usar y configurar

_3.0 out of 5 stars_ Se desconecta muy seguido

Reviewed in Mexico on December 18, 2021

Lamentablemente era mejor el modelo pasado, este es más pequeño y se desconocía mucho.

_5.0 out of 5 stars_ Al 100

Reviewed in Mexico on January 24, 2022

Cuesta caro pero cumple al 100 con homekit.

_5.0 out of 5 stars_ Buena opción para homekit

Reviewed in Mexico on May 5, 2021

Al ser mi segundo producto de Wemo, la instalación fue mucho más fácil y rápida

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit)(Pack of 1) - - Amazon.com

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?**

The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20230627**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230627)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

Tag

#ios