Wednesday, July 17, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (17 items)


New vulnerabilities from the NVD: CVE-2017-13718

The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile application to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.
Published at: June 11, 2019 at 01:29AM

June 11, 2019 at 04:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-13717

Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
Published at: June 11, 2019 at 01:29AM

June 11, 2019 at 04:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-11801

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.
Published at: June 11, 2019 at 08:29PM

June 11, 2019 at 10:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-11800

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
Published at: June 11, 2019 at 08:29PM

June 11, 2019 at 10:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18378

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18377

An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10760

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2010-5330

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5157

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5156

An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
Published at: June 12, 2019 at 12:29AM

June 12, 2019 at 02:56AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-15123

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.
Published at: June 12, 2019 at 05:29PM

June 12, 2019 at 08:56PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-12147

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
Published at: June 13, 2019 at 07:29PM

June 13, 2019 at 10:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10947

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted.
Published at: June 13, 2019 at 10:29PM

June 14, 2019 at 12:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-10946

An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI.
Published at: June 13, 2019 at 10:29PM

June 14, 2019 at 12:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-8252

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130
Published at: June 14, 2019 at 08:29PM

June 14, 2019 at 10:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-7472

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
Published at: June 16, 2019 at 02:29AM

June 16, 2019 at 04:49AM

via National Vulnerability Database

