Tag
#zero_day
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports these vulnerabilities affects the following R-SeeNet monitoring application: R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ...
Categories: Business Dive into where we prevented more than the rest and how we were able to do it. (Read more...) The post Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 appeared first on Malwarebytes Labs.