HooToo Security Advisory
HT-TM05 is vulnerable to unauthenticated remote code execution in the /sysfirm.csp CGI endpoint, which allows an attacker to upload an arbitrary shell script that will be executed with root privileges on the device.
Microsoft Kernel Graphic Driver Kernel Memory Address Disclosure
The latest version of Microsoft Basic Render Driver (BasicRender.sys 10.0.15063.413) is vulnerable to information disclosure. This issue allows an unprivileged user to map the kernel memory layout.
Physical and Authentication Bypass in Diebold Opteva ATM
Historically, ATMs have been designed without privileged separation between the safe and the internal operating system. In an attempt to address this security concern, Diebold developed the AFD platform. The Opteva line of ATMs with the AFD platform contain an upper cabinet for the operating system and a lower cabinet for the safe, each with its own authentication requirements. Using reverse engineering and protocol analysis, IOActive found a critical vulnerability in the tested version of the Opteva ATM with the AFD platform. Despite its separation of privilege and authentication requirements,…
Ninebot by Segway miniPRO Vulnerabilities
Ninebot Limited, which purchased Segway Inc. in 2015, sells a line of self-balancing motorized electric scooters used for transportation under 30km/h. Recently, issues regarding the safety of scooters have surfaced, primarily caused by poor manufacturing quality or a general lack of safety-centered design.
Secure Messaging Application Vulnerabilities Identified
IOActive security researchers tested versions 1.4.2 for Windows and OS X and 4.0.4 for Android, of the Confide messaging application by reverse engineering the published application, observing its behavior, and interacting with the public API. During the evaluation, multiple security vulnerabilities of varying severities were identified, with corresponding attacker exploitation risks ranging from account impersonation and message tampering, to exposing user contact details and hijacking accounts. The issues were reported to the vendor through responsible disclosure and many, including those identified as being critical, were subsequently addressed and resolved quickly…
Security Vulnerabilities in Routers
The LB-LINK BL-WR2000 router, manufactured in China and sold world-wide, contains a critical vulnerability that allows an attacker to extract the admin credentials from the login page and gain access to the web admin interface. IOActive has identified 3 high to critical vulnerabilities in the product. An attacker could exploit these issues to fully compromise the device.
Multiple Vulnerabilities in D-Link DCS-5009L IP Camera
The D-Link DCS-5009L IP Camera can be used to remotely monitor your home. It can be accessed via the D-Link Cloud or configured to upload recordings to an FTP server, as well as send notifications by email. The DCS-5009L can rotate and tilt, and has night vision and movement detection. IOActive has identified four high-risk and two low-risk vulnerabilities in the D-Link DCS-5009L IP Camera. An attacker could exploit these issues to fully compromise the confidentiality, integrity, and availability of the product.
Authenticated OS Command Injection on TP-LINK Cloud Cameras
An attacker with Administrator (admin) access to the administrative web panel of a TP-LINK Cloud Camera can gain root access to the device, fully compromising its confidentiality, integrity, and availability.
SimpliSafe Alarm System Replay Attack
The radio interface for the SimpliSafe home burglar/fire alarm systems is not encrypted and does not use “rolling codes,” nonces, two-way handshakes, or other techniques to prevent transmissions from being recorded and reused. An attacker who is able to intercept the radio signals between the keypad and base station can record and re-play the signal in order to turn off the alarm at a time of his choice in the future.
Lenovo TVSUkernel Escalation of Privileges
The Lenovo System Update allows least-privileged users to perform system updates. To do this, System Update includes the System Update service (SUService.exe). This service runs as the privileged SYSTEM user, creates a temporary user account with Administrator privileges, and starts a GUI application (Tvsukernel.exe) with the new Administrator account. Once the application is closed, the temporary Administrator account is appropriately deleted. However the GUI application contains links to online support and privacy help topics, which, when clicked, start a web browser instance under the temporary Administrator account to display the…