#wifi

Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

By Waqas The data breach came to light in early November 2023, when Mr. Cooper announced that it had fallen victim to a cyberattack on October 30, 2023. This is a post from HackRead.com Read the original post: Mortgage Giant Mr. Cooper Data Breach; 14 Million Users Impacted

Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.

Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.

A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.