Android (AOSP) User Dictionary Content Provider Authorization Bypass
Android Open Source Project (AOSP) vulnerability discovered, where a malicious application without any permission could exploit access to the user personal dictionary.
HooToo Security Advisory
HT-TM05 is vulnerable to unauthenticated remote code execution in the /sysfirm.csp CGI endpoint, which allows an attacker to upload an arbitrary shell script that will be executed with root privileges on the device.
Microsoft Kernel Graphic Driver Kernel Memory Address Disclosure
The latest version of Microsoft Basic Render Driver (BasicRender.sys 10.0.15063.413) is vulnerable to information disclosure. This issue allows an unprivileged user to map the kernel memory layout.
Physical and Authentication Bypass in Diebold Opteva ATM
Historically, ATMs have been designed without privileged separation between the safe and the internal operating system. In an attempt to address this security concern, Diebold developed the AFD platform. The Opteva line of ATMs with the AFD platform contain an upper cabinet for the operating system and a lower cabinet for the safe, each with its own authentication requirements. Using reverse engineering and protocol analysis, IOActive found a critical vulnerability in the tested version of the Opteva ATM with the AFD platform. Despite its separation of privilege and authentication requirements,…
Ninebot by Segway miniPRO Vulnerabilities
Ninebot Limited, which purchased Segway Inc. in 2015, sells a line of self-balancing motorized electric scooters used for transportation under 30km/h. Recently, issues regarding the safety of scooters have surfaced, primarily caused by poor manufacturing quality or a general lack of safety-centered design.
Secure Messaging Application Vulnerabilities Identified
IOActive security researchers tested versions 1.4.2 for Windows and OS X and 4.0.4 for Android, of the Confide messaging application by reverse engineering the published application, observing its behavior, and interacting with the public API. During the evaluation, multiple security vulnerabilities of varying severities were identified, with corresponding attacker exploitation risks ranging from account impersonation and message tampering, to exposing user contact details and hijacking accounts. The issues were reported to the vendor through responsible disclosure and many, including those identified as being critical, were subsequently addressed and resolved quickly…
Security Vulnerabilities in Routers
The LB-LINK BL-WR2000 router, manufactured in China and sold world-wide, contains a critical vulnerability that allows an attacker to extract the admin credentials from the login page and gain access to the web admin interface. IOActive has identified 3 high to critical vulnerabilities in the product. An attacker could exploit these issues to fully compromise the device.
Multiple Vulnerabilities in BHU WiFi “uRouter”
The BHU WiFi uRouter, manufactured and sold in China, contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic. IOActive has identified seven medium to critical risk vulnerabilities in the product. An attacker could exploit these issues to fully compromise the…
Multiple Vulnerabilities in D-Link DCS-5009L IP Camera
The D-Link DCS-5009L IP Camera can be used to remotely monitor your home. It can be accessed via the D-Link Cloud or configured to upload recordings to an FTP server, as well as send notifications by email. The DCS-5009L can rotate and tilt, and has night vision and movement detection. IOActive has identified four high-risk and two low-risk vulnerabilities in the D-Link DCS-5009L IP Camera. An attacker could exploit these issues to fully compromise the confidentiality, integrity, and availability of the product.
Authenticated OS Command Injection on TP-LINK Cloud Cameras
An attacker with Administrator (admin) access to the administrative web panel of a TP-LINK Cloud Camera can gain root access to the device, fully compromising its confidentiality, integrity, and availability.