Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

Cheap Yet Secure: Top VPNs for Privacy-Conscious Users on a Budget

The Importance of Balancing Cost and Security!

HackRead
#git#wifi
Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive…

Schneider Electric EVlink Home Smart and Schneider Charge

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following EVlink Home Smart and Schneider Charge charging stations are affected: EVlink Home Smart: All versions prior to 2.0.6.0.0 Schneider Charge: All versions prior to 1.13.4 3.2 VULNERABILITY OVERVIEW 3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312 A cleartext storage of sensitive information vulnerability exists that exposes test credentials in the firmware binary. CVE-2024-8070 has been assigned to this vulnerability. A CVSS v3 base score of 8.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L). 3.3 BACKGROUND CRITICAL INFRASTR...

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws…

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does.

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

Cybersecurity Risks in Crypto: Phishing, Ransomware and Other Emerging Threats

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

Why Small Businesses Can't Rely Solely on AI to Combat Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

GHSA-cvv5-9h9w-qp2m: Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)

### Summary The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. ### Details I have exploited this vulnerability in a Windows service using version 5.22.11 of the module, to escalate privileges (in an environment where I am authorized to do so). However, as far as I can see from the code, it is still present in master branch at time of writing, on line [403/404 of network.js](https://github.com/sebhildebrandt/systeminformation/blob/3a92931c7d46605ffddc1aacb97a9727273b2888/lib/network.js#L403). The SSID is obtained from `netsh wlan show interface ...` in `getWindowsWirelessIfaceSSID`, and then passed to `cmd.exe /d /s /c "netsh wlan show profiles ...` in `getWindowsIEEE8021x`, without sanitization. ### PoC First, the command injection payload should be included in the connected Wi-Fi SSID. For example create hotspot on mobile phone or other lap...