RESOURCES

HT-TM05 is vulnerable to unauthenticated remote code execution in the /sysfirm.csp CGI endpoint, which allows an attacker to upload an arbitrary shell script that will be executed with root privileges on the device.

The latest version of Microsoft Basic Render Driver (BasicRender.sys 10.0.15063.413) is vulnerable to information disclosure. This issue allows an unprivileged user to map the kernel memory layout.

Historically, ATMs have been designed without privileged separation between the safe and the internal operating system. In an attempt to address this security concern, Diebold developed the AFD platform. The Opteva line of ATMs with the AFD platform contain an upper cabinet for the operating system and a lower cabinet for the safe, each with its own authentication requirements. Using reverse engineering and protocol analysis, IOActive found a critical vulnerability in the tested version of the Opteva ATM with the AFD platform. Despite its separation of privilege and authentication requirements,…

Ninebot Limited, which purchased Segway Inc. in 2015, sells a line of self-balancing motorized electric scooters used for transportation under 30km/h. Recently, issues regarding the safety of scooters have surfaced, primarily caused by poor manufacturing quality or a general lack of safety-centered design.

IOActive security researchers tested versions 1.4.2 for Windows and OS X and 4.0.4 for Android, of the Confide messaging application by reverse engineering the published application, observing its behavior, and interacting with the public API. During the evaluation, multiple security vulnerabilities of varying severities were identified, with corresponding attacker exploitation risks ranging from account impersonation and message tampering, to exposing user contact details and hijacking accounts. The issues were reported to the vendor through responsible disclosure and many, including those identified as being critical, were subsequently addressed and resolved quickly…

The LB-LINK BL-WR2000 router, manufactured in China and sold world-wide, contains a critical vulnerability that allows an attacker to extract the admin credentials from the login page and gain access to the web admin interface. IOActive has identified 3 high to critical vulnerabilities in the product. An attacker could exploit these issues to fully compromise the device.

The BHU WiFi uRouter, manufactured and sold in China, contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic. IOActive has identified seven medium to critical risk vulnerabilities in the product. An attacker could exploit these issues to fully compromise the…

The D-Link DCS-5009L IP Camera can be used to remotely monitor your home. It can be accessed via the D-Link Cloud or configured to upload recordings to an FTP server, as well as send notifications by email. The DCS-5009L can rotate and tilt, and has night vision and movement detection. IOActive has identified four high-risk and two low-risk vulnerabilities in the D-Link DCS-5009L IP Camera. An attacker could exploit these issues to fully compromise the confidentiality, integrity, and availability of the product.

An attacker with Administrator (admin) access to the administrative web panel of a TP-LINK Cloud Camera can gain root access to the device, fully compromising its confidentiality, integrity, and availability.

The radio interface for the SimpliSafe home burglar/fire alarm systems is not encrypted and does not use “rolling codes,” nonces, two-way handshakes, or other techniques to prevent transmissions from being recorded and reused. An attacker who is able to intercept the radio signals between the keypad and base station can record and re-play the signal in order to turn off the alarm at a time of his choice in the future.