Ninebot by Segway miniPRO Vulnerabilities
Ninebot Limited, which purchased Segway Inc. in 2015, sells a line of self-balancing motorized electric scooters used for transportation under 30km/h. Recently, issues regarding the safety of scooters have surfaced, primarily caused by poor manufacturing quality or a general lack of safety-centered design.
Secure Messaging Application Vulnerabilities Identified
IOActive security researchers tested versions 1.4.2 for Windows and OS X and 4.0.4 for Android, of the Confide messaging application by reverse engineering the published application, observing its behavior, and interacting with the public API. During the evaluation, multiple security vulnerabilities of varying severities were identified, with corresponding attacker exploitation risks ranging from account impersonation and message tampering, to exposing user contact details and hijacking accounts. The issues were reported to the vendor through responsible disclosure and many, including those identified as being critical, were subsequently addressed and resolved quickly…
Security Vulnerabilities in Routers
The LB-LINK BL-WR2000 router, manufactured in China and sold world-wide, contains a critical vulnerability that allows an attacker to extract the admin credentials from the login page and gain access to the web admin interface. IOActive has identified 3 high to critical vulnerabilities in the product. An attacker could exploit these issues to fully compromise the device.
Multiple Vulnerabilities in BHU WiFi “uRouter”
The BHU WiFi uRouter, manufactured and sold in China, contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic. IOActive has identified seven medium to critical risk vulnerabilities in the product. An attacker could exploit these issues to fully compromise the…
Multiple Vulnerabilities in D-Link DCS-5009L IP Camera
The D-Link DCS-5009L IP Camera can be used to remotely monitor your home. It can be accessed via the D-Link Cloud or configured to upload recordings to an FTP server, as well as send notifications by email. The DCS-5009L can rotate and tilt, and has night vision and movement detection. IOActive has identified four high-risk and two low-risk vulnerabilities in the D-Link DCS-5009L IP Camera. An attacker could exploit these issues to fully compromise the confidentiality, integrity, and availability of the product.
Authenticated OS Command Injection on TP-LINK Cloud Cameras
An attacker with Administrator (admin) access to the administrative web panel of a TP-LINK Cloud Camera can gain root access to the device, fully compromising its confidentiality, integrity, and availability.
SimpliSafe Alarm System Replay Attack
The radio interface for the SimpliSafe home burglar/fire alarm systems is not encrypted and does not use “rolling codes,” nonces, two-way handshakes, or other techniques to prevent transmissions from being recorded and reused. An attacker who is able to intercept the radio signals between the keypad and base station can record and re-play the signal in order to turn off the alarm at a time of his choice in the future.
Lenovo TVSUkernel Escalation of Privileges
The Lenovo System Update allows least-privileged users to perform system updates. To do this, System Update includes the System Update service (SUService.exe). This service runs as the privileged SYSTEM user, creates a temporary user account with Administrator privileges, and starts a GUI application (Tvsukernel.exe) with the new Administrator account. Once the application is closed, the temporary Administrator account is appropriately deleted. However the GUI application contains links to online support and privacy help topics, which, when clicked, start a web browser instance under the temporary Administrator account to display the…
Lenovo System Update Created an Insecure Random Administrator Password
This vulnerability allows a local unprivileged user to elevate privileges to Administrator or SYSTEM. Since the user is running the System Update is an unprivileged user, the SUService that is running as System will run the UACsdk.exe binary to create a temporary Administrator account to run the GUI application (Tvsukernel.exe).
Harman-Kardon UConnect Vulnerability
UConnect 8.4AN/RA3/RA4 are vehicle-based infotainment systems. UConnect systems are integrated in certain makes of Chrysler, Dodge, Jeep, and Ram vehicles. The UConnect infotainment system allowed an unauthenticated connection from other access points on the Sprint Network. An attacker could issue commands to other components within the vehicle through the infotainment system.