A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

'702566?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-26683: Invalid Bug ID

A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.

'701294?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-21896: Invalid Bug ID

An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.

When testing #706 (closed), we found the bug is not completely patched in pdfunite. To reproduce the bug, run pdfunite t.pdf poc 2.pdf.

    (gdb) bt
    #0  0x00007ffff72467bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x00007ffff7231535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
    #2  0x000000000040d7a1 in Object::getDict (this=<optimized out>)
        at /home/users/chluo/poppler/poppler/Object.h:435
    #3  main (argc=<optimized out>, argv=<optimized out>)
        at /home/users/chluo/poppler/utils/pdfunite.cc:200

uni.zip

Edited Jul 28, 2022 by

CVE-2022-37051: SIGABRT at poppler/Object.h:435 (pdfunite) (#1276) · Issues · poppler / poppler · GitLab

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

We are currently migrating away from gitlab hosting cloud for the registry. There will be a final maintenance down time on Sunday 27th August, from approx 8-12am UTC. See the tracker issue for more informations. Note that the registry will see a brief outage, and potentially lag between uploads and availability during that window.

CVE-2022-37052: pdfseparate: Account for XRef::add failing because we run out of memory (86775003) · Commits · poppler / poppler · GitLab

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.

Hi, we found a bug in the latest version of poppler (commit b9643712), the bug causes the program to crash with the following backtrace.

To reproduce it, run pdfseparate poc 1.pdf

    (gdb) bt
    #0  0x00007ffff72467bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x00007ffff7231535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
    #2  0x00007ffff7bee76f in Object::getDict (this=<optimized out>)
        at /home/users/chluo/poppler/poppler/Object.h:435
    #3  PDFDoc::savePageAs (this=0x466e10, name=..., pageNo=1)
        at /home/users/chluo/poppler/poppler/PDFDoc.cc:889
    #4  0x0000000000408659 in extractPages (srcFileName=<optimized out>,
        destFileName=0x7fffffffe6eb "./1.pdf")
        at /home/users/chluo/poppler/utils/pdfseparate.cc:123
    #5  main (argc=<optimized out>, argv=<optimized out>)
        at /home/users/chluo/poppler/utils/pdfseparate.cc:156

sep.zip

Seems that this bug is related to #706 (closed). 7b4e372d partially fixes #706 (closed) yet it is incomplete.

Edited Jul 27, 2022 by

CVE-2022-37050: SIGABRT at poppler/Object.h:435 (#1274) · Issues · poppler / poppler · GitLab

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.

We are currently migrating away from gitlab hosting cloud for the registry. There will be a final maintenance down time on Sunday 27th August, from approx 8-12am UTC. See the tracker issue for more informations. Note that the registry will see a brief outage, and potentially lag between uploads and availability during that window.

*   poppler
*   poppler
*   Issues
*   #936

I find an overflow in XRef, which is caused by mutual recursive call.

./pdfinfo ./xref.pdf

xref.zip

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

CVE-2020-23804: Overflow in Xref (#936) · Issues · poppler / poppler · GitLab

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.

Hi, we found a bug in poppler/PDFDoc.cc:1755. When the bug is triggered, the program would crash with the following backtrace.

To reproduce, run pdfunite t.pdf poc 2.pdf

    (gdb) bt
    #0  0x00007ffff745f8c1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x00007ffff7449546 in abort () from /lib/x86_64-linux-gnu/libc.so.6
    #2  0x00007ffff7a5eb18 in Object::getDict (this=0x7fffffffe0c8)
        at /home/users/chluo/pop/poppler/Object.h:435
    #3  PDFDoc::replacePageDict (this=0x5555555bb430, pageNo=<optimized out>,
        rotate=90, mediaBox=0x5555555e3b50, cropBox=0x5555555e3b70)
        at /home/users/chluo/pop/poppler/PDFDoc.cc:1755
    #4  0x000055555555c9fa in main (argc=<optimized out>, argv=<optimized out>)
        at /home/users/chluo/pop/utils/pdfunite.cc:290

The bug is relevant to #706 (closed) and #1276 (closed).

poc.zip

CVE-2022-38349: SIGABRT at poppler/PDFDoc.cc:1755 (#1282) · Issues · poppler / poppler · GitLab

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.

    ~/fuzz/poppler/utils]$ ./pdftohtml ./in/poc -f 1 /dev/null                                              *[master] 
    Syntax Error (738): Dictionary key must be a name object
    Syntax Error (751): Dictionary key must be a name object
    Syntax Error (758): Illegal character '>'
    Syntax Error (763): Dictionary key must be a name object
    Syntax Error (769): Dictionary key must be a name object
    Syntax Error (798): Illegal character ')'
    Syntax Error (798): Dictionary key must be a name object
    Syntax Error (820): Dictionary key must be a name object
    Syntax Error (820): Illegal character '{'
    Syntax Error (820): Dictionary key must be a name object
    Syntax Error (846): Dictionary key must be a name object
    Syntax Error (846): Dictionary key must be a name object
    Syntax Error (849): Dictionary key must be a name object
    Syntax Error (849): Illegal character '{'
    Syntax Error (849): Dictionary key must be a name object
    Syntax Error (899): Dictionary key must be a name object
    Syntax Error (899): Illegal character ')'
    Syntax Error (899): Dictionary key must be a name object
    Syntax Error (905): Dictionary key must be a name object
    Syntax Error (905): Dictionary key must be a name object
    Syntax Error (916): Dictionary key must be a name object
    Syntax Error (926): Dictionary key must be a name object
    Syntax Error (933): Dictionary key must be a name object
    Syntax Error (935): Dictionary key must be a name object
    Syntax Error (937): Dictionary key must be a name object
    Syntax Error (941): Dictionary key must be a name object
    Syntax Error (943): Dictionary key must be a name object
    Syntax Error (950): Dictionary key must be a name object
    I/O Error: Couldn't open html file '/dev/null.html'
    I/O Error: Couldn't open html file '/dev/null_ind.html'
    ASAN:SIGSEGV
    =================================================================
    ==49519==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f849ee7c6f8 bp 0x611000009950 sp 0x7
    ffc717cbd00 T0)
        #0 0x7f849ee7c6f7 in _IO_fwrite (/lib/x86_64-linux-gnu/libc.so.6+0x6e6f7)
        #1 0x52d565 in HtmlOutputDev::~HtmlOutputDev() /home/greydog/fuzz/poppler/utils/HtmlOutputDev.cc:1221
        #2 0x52d860 in HtmlOutputDev::~HtmlOutputDev() /home/greydog/fuzz/poppler/utils/HtmlOutputDev.cc:1227
        #3 0x50543f in main /home/greydog/fuzz/poppler/utils/pdftohtml.cc:457
        #4 0x7f849ee2e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
        #5 0x508818 in _start (/home/greydog/fuzz/poppler/utils/pdftohtml+0x508818)
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV ??:0 _IO_fwrite
    ==49519==ABORTING 

    [----------------------------------registers-----------------------------------]
    RAX: 0x0 
    RBX: 0x10 
    RCX: 0xbebebebebebebebe 
    RDX: 0x10 
    RSI: 0x1 
    RDI: 0xacd440 ("</body>\n</html>\n")
    RBP: 0x611000009950 --> 0xbebebebebebebebe 
    RSP: 0x7fffffffd3d0 --> 0x60300001dce0 --> 0x606023800004 --> 0x0 
    RIP: 0x7ffff47d56f8 (<__GI__IO_fwrite+24>:      mov    eax,DWORD PTR [rcx])
    R8 : 0x0 
    R9 : 0xc220000132a --> 0x0 
    R10: 0x62c 
    R11: 0x7ffff47d56e0 (<__GI__IO_fwrite>: push   r14)
    R12: 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:       lea    rsp,[rsp-0x98])
    R13: 0xc2200001329 --> 0x0 
    R14: 0x611000009948 --> 0x0 
    R15: 0x603000001120 --> 0x603000001130 ("./in/poc")
    EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
    [-------------------------------------code-------------------------------------]
       0x7ffff47d56eb <__GI__IO_fwrite+11>: imul   rbx,rdx
       0x7ffff47d56ef <__GI__IO_fwrite+15>: test   rbx,rbx
       0x7ffff47d56f2 <__GI__IO_fwrite+18>: je     0x7ffff47d57e8 <__GI__IO_fwrite+264>
    => 0x7ffff47d56f8 <__GI__IO_fwrite+24>: mov    eax,DWORD PTR [rcx]
       0x7ffff47d56fa <__GI__IO_fwrite+26>: mov    r12,rdi
       0x7ffff47d56fd <__GI__IO_fwrite+29>: mov    r10,rsi
       0x7ffff47d5700 <__GI__IO_fwrite+32>: mov    r9,rcx
       0x7ffff47d5703 <__GI__IO_fwrite+35>: and    eax,0x8000
    [------------------------------------stack-------------------------------------]
    0000| 0x7fffffffd3d0 --> 0x60300001dce0 --> 0x606023800004 --> 0x0 
    0008| 0x7fffffffd3d8 --> 0x611000009950 --> 0xbebebebebebebebe 
    0016| 0x7fffffffd3e0 --> 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:   lea    rsp,[rsp-0x98])
    0024| 0x7fffffffd3e8 --> 0xc2200001329 --> 0x0 
    0032| 0x7fffffffd3f0 --> 0x611000009948 --> 0x0 
    0040| 0x7fffffffd3f8 --> 0x52d566 (<HtmlOutputDev::~HtmlOutputDev()+1814>:      mov    rcx,rbp)
    0048| 0x7fffffffd400 --> 0x60600000d488 --> 0xbebebebebebebebe 
    0056| 0x7fffffffd408 --> 0x60300001e730 --> 0x60300001e740 ("/dev/null")
    [------------------------------------------------------------------------------]
    Legend: code, data, rodata, value
    Stopped reason: SIGSEGV
    __GI__IO_fwrite (buf=buf@entry=0xacd440, size=size@entry=0x1, count=count@entry=0x10, fp=0xbebebebebebebebe)
        at iofwrite.c:37
    37      iofwrite.c: No such file or directory.
    gdb-peda$ bt 10
    #0  __GI__IO_fwrite (buf=buf@entry=0xacd440, size=size@entry=0x1, count=count@entry=0x10, fp=0xbebebebebebebebe)
        at iofwrite.c:37
    #1  0x000000000052d566 in HtmlOutputDev::~HtmlOutputDev (this=0x6110000098c0, __in_chrg=<optimized out>)
        at /home/greydog/fuzz/poppler/utils/HtmlOutputDev.cc:1221
    #2  0x000000000052d861 in HtmlOutputDev::~HtmlOutputDev (this=0x6110000098c0, __in_chrg=<optimized out>)
        at /home/greydog/fuzz/poppler/utils/HtmlOutputDev.cc:1227
    #3  0x0000000000505440 in main (argc=0x3, argc@entry=0x5, argv=argv@entry=0x7fffffffd7e8)
        at /home/greydog/fuzz/poppler/utils/pdftohtml.cc:457
    #4  0x00007ffff4787830 in __libc_start_main (main=0x503bf0 <main(int, char**)>, argc=0x5, argv=0x7fffffffd7e8, 
        init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd7d8)
        at ../csu/libc-start.c:291
    #5  0x0000000000508819 in _start ()
    
    
    [----------------------------------registers-----------------------------------]                           [23/9786]
    RAX: 0x0 
    RBX: 0xffffffffaa2 --> 0x0 
    RCX: 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:       lea    rsp,[rsp-0x98])
    RDX: 0xc2200001318 --> 0x0 
    RSI: 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:  lea    rsp,[rsp-0x98])
    RDI: 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:       lea    rsp,[rsp-0x98])
    RBP: 0x7fffffffd510 --> 0x41b58ab3 
    RSP: 0x7fffffffd458 --> 0x505440 (<main(int, char**)+6224>:     mov    DWORD PTR [rsp+0x18],0x0)
    RIP: 0x52d820 (<HtmlOutputDev::~HtmlOutputDev()>:       lea    rsp,[rsp-0x98])
    R8 : 0x1c77ea 
    R9 : 0x1c80b 
    R10: 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:       lea    rsp,[rsp-0x98])
    R11: 0x1c7856 
    R12: 0x60300001e730 --> 0x60300001e740 ("/dev/null")
    R13: 0xef4140 --> 0x0 
    R14: 0x610000007d40 --> 0x603000001090 --> 0x6030000010a0 ("./in/poc")
    R15: 0x603000001120 --> 0x603000001130 ("./in/poc")
    EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
    [-------------------------------------code-------------------------------------]
       0x52d810 <HtmlOutputDev::~HtmlOutputDev()+2496>:     call   0x5007f0 <__stack_chk_fail@plt>
       0x52d815 <HtmlOutputDev::~HtmlOutputDev()+2501>:     call   0x501640 <__asan_report_load8@plt>
       0x52d81a:    nop    WORD PTR [rax+rax*1+0x0]
    => 0x52d820 <HtmlOutputDev::~HtmlOutputDev()>:  lea    rsp,[rsp-0x98]
       0x52d828 <HtmlOutputDev::~HtmlOutputDev()+8>:        mov    QWORD PTR [rsp],rdx
       0x52d82c <HtmlOutputDev::~HtmlOutputDev()+12>:       mov    QWORD PTR [rsp+0x8],rcx
       0x52d831 <HtmlOutputDev::~HtmlOutputDev()+17>:       mov    QWORD PTR [rsp+0x10],rax
       0x52d836 <HtmlOutputDev::~HtmlOutputDev()+22>:       mov    rcx,0xee1
    [------------------------------------stack-------------------------------------]
    
      0x52d810 <HtmlOutputDev::~HtmlOutputDev()+2496>:     call   0x5007f0 <__stack_chk_fail@plt>
       0x52d815 <HtmlOutputDev::~HtmlOutputDev()+2501>:     call   0x501640 <__asan_report_load8@plt>
       0x52d81a:    nop    WORD PTR [rax+rax*1+0x0]
    => 0x52d820 <HtmlOutputDev::~HtmlOutputDev()>:  lea    rsp,[rsp-0x98]
       0x52d828 <HtmlOutputDev::~HtmlOutputDev()+8>:        mov    QWORD PTR [rsp],rdx
       0x52d82c <HtmlOutputDev::~HtmlOutputDev()+12>:       mov    QWORD PTR [rsp+0x8],rcx
       0x52d831 <HtmlOutputDev::~HtmlOutputDev()+17>:       mov    QWORD PTR [rsp+0x10],rax
       0x52d836 <HtmlOutputDev::~HtmlOutputDev()+22>:       mov    rcx,0xee1
    [------------------------------------stack-------------------------------------]
    0000| 0x7fffffffd458 --> 0x505440 (<main(int, char**)+6224>:    mov    DWORD PTR [rsp+0x18],0x0)
    0008| 0x7fffffffd460 --> 0x7ffff53d5ac8 (:wcout+8>:     0x00007ffff53d0a10)
    0016| 0x7fffffffd468 --> 0x7fffffffd6d0 --> 0x0 
    0024| 0x7fffffffd470 --> 0x7fffffffd510 --> 0x41b58ab3 
    0032| 0x7fffffffd478 --> 0x6110000098c0 --> 0xe3bf48 --> 0x52ce50 (<HtmlOutputDev::~HtmlOutputDev()>:   lea    rsp,[rsp-0x98])
    0040| 0x7fffffffd480 --> 0xef3fc0 --> 0x0 
    0048| 0x7fffffffd488 --> 0x60300001e250 --> 0x60307a800001 --> 0x0 
    0056| 0x7fffffffd490 --> 0x60300001e1f0 --> 0x60607b800002 --> 0x0 
    [------------------------------------------------------------------------------]
    Legend: code, data, rodata, value
    
    Breakpoint 1, HtmlOutputDev::~HtmlOutputDev (this=0x6110000098c0, __in_chrg=<optimized out>)
        at /home/greydog/fuzz/poppler/utils/HtmlOutputDev.cc:1201
    1201    HtmlOutputDev::~HtmlOutputDev() {
    gdb-peda$ p page
    $1 = (FILE *) 0xbebebebebebebebe
    gdb-peda$ list
    1196        delete htmlEncoding;
    1197      }
    1198      ok = true; 
    1199    }
    1200
    1201    HtmlOutputDev::~HtmlOutputDev() {
    1202        delete Docname;
    1203        delete docTitle;
    1204
    1205        for (auto entry : *glMetaVars) {

CVE-2020-18839: pdftohtml memory crash (#742) · Issues · poppler / poppler · GitLab

By Habiba Rashid
TP-Link Tapo L530E Smart Bulb found vulnerable, putting user WiFi credentials at risk.
This is a post from HackRead.com Read the original post: TP-Link Smart Bulb Users at Risk of WiFi Password Theft

The vulnerabilities of the smart bulb were identified by cybersecurity researchers from Italy and the United Kingdom.

**Summary**

*   Security researchers have found vulnerabilities in the TP-Link Tapo L530E smart bulb and the corresponding Tapo app.

*   These vulnerabilities could allow attackers to steal users’ WiFi passwords and gain unauthorized access to their networks.

*   The vulnerabilities are rated as high and medium severity, and affect both the hardware and software of the smart bulb.

*   TP-Link has acknowledged the vulnerabilities and is working on a fix.

*   In the meantime, users are advised to update the firmware of their smart bulbs and use strong passwords.

In the era of expanding home automation, the convenience of controlling devices remotely and optimizing energy consumption is met with an emerging concern: the security of interconnected smart devices.

A recent investigation by security researchers from Italy and the UK has illuminated potential vulnerabilities in the popular TP-Link Tapo L530E smart bulb and the corresponding Tapo app, exposing users to the risk of having their WiFi passwords stolen by malicious actors.

The TP-Link Tapo L530E smart bulb, a common sight in homes and available on major marketplaces such as Amazon, has become a focal point for researchers due to its extensive adoption. The study (PDF), conducted by experts from the Universita di Catania and the University of London, talks about broader security risks prevalent in the expansive world of Internet of Things (IoT) devices, many of which exhibit subpar authentication safeguards and insecure data transmission practices.

The following four distinct vulnerabilities have been identified within the TP-Link Tapo L530E smart bulb and the Tapo app, each presenting its unique security implications:

**Improper Authentication: **

The primary vulnerability is rooted in improper authentication during the session key exchange process. This flaw permits attackers in close proximity to the device to impersonate it, resulting in the compromise of Tapo user passwords and control over Tapo devices. With a high-severity CVSS v3.1 score of 8.8, this exploit represents a substantial risk.

**Hard-coded Weakness:**

The second vulnerability, also high-severity with a CVSS v3.1 score of 7.6, is a result of a hardcoded short checksum shared secret. Malicious actors can exploit this flaw by engaging in brute-forcing techniques or by decompiling the Tapo app. 

**Predictable encryption_:_**

The third flaw, rated with a medium severity, pertains to the predictable nature of symmetric encryption due to a lack of randomness in its application. 

**Replay Attacks:**

Lastly, the fourth vulnerability allows attackers to conduct replay attacks, effectively replicating previously intercepted messages to manipulate device functions.

Keeping in mind the vulnerabilities above, the researchers showcased several scenarios which a malicious actor may be inclined to employ. In the first scenario, an attacker exploits the first and second vulnerabilities to impersonate the smart bulb and compromise a user’s Tapo account.

By infiltrating the Tapo app, the attacker can extract critical WiFi information, including the SSID and password, enabling unauthorized access to all devices linked to the same network. Though this attack requires the device to be in setup mode, attackers can easily disrupt the bulb’s functionality and prompt a reset, thus enabling the execution of the attack.

For the second scenario, the researchers delved into Man-in-the-Middle (MITM) attacks, showcasing the potential for attackers to intercept and manipulate communications between the Tapo app and the bulb.

By exploiting the first vulnerability, attackers can capture RSA encryption keys, which are then exploited to decode further data exchanges. Moreover, unconfigured Tapo devices can be utilized in MITM attacks to extract sensitive information during the setup process.

TP-Link Tapo L530E smart bulb on Amazon – The data extracted by researchers

In a comment to Hackread.com, Andrew Bolster, Senior R&D Manager for Data Science at Synopsys Software Integrity Group told Hackread.com that, “These new vulnerability notices demonstrate again that while consumers want to believe that the smart devices that we bring into our homes and make part of our lives are somehow completely isolated and secure, security is not that simple.”

Andrew warned that “As Synopsys previously demonstrated with last year’s Vulnerability Advisory on IKEA smart bulbs, these assistive and clever devices can be the weak-link into the trusted home environment; A beachhead for malicious actors to then gain horizontal access to other devices behind the ‘secure’ firewall. And as we add increasingly smart devices, be it fridges, voice assistants, heating controllers, vacuum cleaners, etc, opportunity for security failures to spread expands exponentially.”

“As with any modern security threat model, defence-in-depth and trust-but-verify stand; smart devices should be kept on separate WiFi networks from personal devices where possible, and the inbound/outbound connections into this network should be heavily restricted,” he emphasised.

The findings of this investigation have been responsibly disclosed to TP-Link, prompting acknowledgement from the vendor. Assurances have been made that fixes for the vulnerabilities will be implemented in both the app and the bulb’s firmware. However, specific details about the availability of these fixes and the versions still susceptible remain undisclosed.

Here are some additional safety guidelines that users should follow:

*   Only connect your smart bulbs to trusted networks.
*   Keep your smart bulbs up to date with the latest firmware.
*   Be careful about what information you share with smart bulb apps.
*   Use strong passwords and enable multi-factor authentication for your smart bulb accounts.
*   If you think your smart bulb has been compromised, change your passwords and reset your devices.

In light of these vulnerabilities and the expanding realm of IoT devices, isolating such devices from critical networks, updating firmware and app versions, and bolstering account protection through strong passwords and multi-factor authentication remains the recommended practices.

**RELATED ARTICLES**

1.  IoT devices could help authorities solve criminal cases
2.  Hackers can use flaw in Philips smart light bulbs to spread malware
3.  Hackers can clone your lock keys by recording clicks from smartphone
4.  Whitehat hacker shows how to detect hidden cameras in Airbnb, hotels
5.  Lamphone attack recovers secretive conversations via hanging light bulb

TP-Link Smart Bulb Users at Risk of WiFi Password Theft

An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

%PDF-1.5 %� 150 0 obj << /Filter /FlateDecode /Length 4293 >> stream xڍZKs����W���D���w�M)�I�X�j7��A����\_���{�!nR�����{�=n�o��?�.ʐ����&�?N�4M�4�o�û\_��1�j��8�Y4#o��w���nk��:~����?삛���Ax��t;���4��,Jnꛟ��g�v��R����7�x�-�<�R�)���������o��=�i>$���wY�a�-Vioq�A,�NM�6c95�\* C��m�z���a�/A��qM-�㫔6 \`�(j��@W/i���m��4�M��r��G{��Q���G�"���ǉ�Xm��֔�^��?N\]SكP�ь#\*+�� F!\\)��tϭ�H� ��1jA����uh����gt��?ʳ�E��Y���\]���<�#wf(�����y�y OJw;wX��p��h��OO�a�\[��M2�wu�3�� ���8�̸�U�v�#�v~B̨sodT��L�m$��|�L:}���'"DNT�0O�?߆D��t��hn�T�j����e�\_LC,1H���o��z��7����� ՚ñ5��(u�q�CSN�4% ��i0�<�RV{S}Y\[h���4X��=���b�}9Y��دRLe����x%��z�����<� ��;�}3Y֎r�%j�3RW��xb��n\_�j�v�͡ﶫԜ�\]�P��Fj�j�Ө�i\*�T�A0/�^ծeT� ����90k�J\[�F�xt"�)�����7 �����ۛ��q�P�D��M������\*�94����{����}:�DG�/r��f,�O�����:�껎t��7���N��^�Ӳ����e�8���(����An$�b��Q�����(�C)�e��JHar�.w�4$\]f�����%��,�XQ�Ax����H��%����Q�LMlN�j\\�M�,�b�V�s�L�����t����x����e ��{���d#G��#7�Fڅ�p��j��8I�GmǕ��t:j��6��B����-)��l�drR���^ �E�}�t��};��.׹����F'x�RhS��^4��e;��~\]��,�3i\`X�l�&�f�~�By#�����R�Pӡ?�"�\\R�l�$ʽ~rjS�����\]C��\[:OӍ��e#gW��%\`��)y;�\]��n�.F����%�d���u����8�q���qd�ȝ��$��k�Y�^�4��o���(\_��{A��$��֔؃�r4�\]�f= ��iz�yZ�)�x1I\[�-W���h�N51�3���,6��ǉ(�\*U;�Bi��1�W�d���F ��.bH ��-rE9U��\[���v>�S�"D�a�kT1E�j!dSA!����÷ǣ�¨-�^'�����Q8>�9\[�i��q\[S{t��I�(U���:c$4�'l����z�F+�

Tag

#pdf