Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

CVE-2023-41029: Juplink RX4-1500 Command Injection Vulnerability - Exodus Intelligence

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

CVE
Open in Source
#vulnerability#intel#auth#wifi
CVE-2023-41027: Juplink RX4-1500 Credential Disclosure Vulnerability - Exodus Intelligence

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

CVE-2023-41031: Juplink RX4-1500 homemng Command Injection Vulnerability - Exodus Intelligence

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

CVE-2023-42810: wifi sanitizing ssid names · sebhildebrandt/systeminformation@7972565

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).

What’s the point of press releases from threat actors?

It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.

GHSA-gx6r-qc2v-3p3v: systeminformation SSID Command Injection Vulnerability

### Impact SSID Command Injection Vulnerability ### Patches Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected ### Workarounds If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only) ### References See also https://systeminformation.io/security.html

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

CVE-2023-39043: Home - YK Communications

An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE-2023-41030: Juplink RX4-1500 Hard-coded Credential Vulnerability - Exodus Intelligence

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.