Security
Headlines
HeadlinesLatestCVEs

Tag

#telnet

CVE-2023-24595: TALOS-2023-1713 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE
Open in Source
#vulnerability#linux#cisco#intel#acer#ssh#telnet
CVE-2023-23550: TALOS-2023-1694 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-22659: TALOS-2023-1699 || Cisco Talos Intelligence Group

An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-25583: TALOS-2023-1723 || Cisco Talos Intelligence Group

Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.

CVE-2023-22365: TALOS-2023-1711 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-22306: TALOS-2023-1698 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-46080: GitHub - yerodin/CVE-2022-46080: Nexxt Router 15.03.06.60 Authentication Bypass and Remote Command Execution

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.

CVE-2023-22906

Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password.

A proxyjacking campaign is looking for vulnerable SSH servers

Categories: Cybercrime Categories: News Tags: proxyjacking Tags: cryptojacking Tags: curl Tags: Docker Tags: proxy service Tags: compromised Proxyjacking is a cybercrime where your bandwidth is sold by criminals. (Read more...) The post A proxyjacking campaign is looking for vulnerable SSH servers appeared first on Malwarebytes Labs.

MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?

MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working." The list is