Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.

平素は、弊社製品をご愛用頂きまして誠にありがとうございます。  
弊社無線LANアクセスポイントにおきまして、 「STモード」で使用した場合、複数の脆弱性があることが判明いたしました。  
（注：弊社無線LANアクセスポイントを「MSモード」で使用した場合は、今回判明した脆弱性はございません）

つきましては、下記の対処方法にしたがって、対処をお願いいたします。なお、保守期間が既に終了している機種につきましては、製品の使用中止を推奨いたします。弊社「サポート基本ポリシー」をご理解いただき、後継機種への移行をご検討ください。

この度は、お客様に大変ご迷惑をおかけしますことを深くお詫び申し上げます。  
何卒ご理解とご協力を賜りますようお願い申し上げます。

****＜判明した脆弱性について＞****

脆弱性① OSコマンドインジェクション(CWE-78)：CVE-2023-39222  
\*当該製品にログインしたユーザにより、細工されたリクエストを送られた場合、ウェブインターフェースから実行することが想定されていない任意のOSコマンドを実行される可能性があります

脆弱性② クロスサイト・スクリプティング(CWE-79)：CVE-2023-39429  
\*当該製品のユーザが細工した設定を行った場合、当該製品にログインした他ユーザのウェブブラウザ上で、任意のスクリプトを実行される可能性があります

脆弱性③クロスサイトリクエストフォージェリ(CWE-352)：CVE-2023-41086  
\*当該製品にログインした状態のユーザが、外部の細工されたページにアクセスした場合、当該製品に対して意図しない操作をさせられる可能性があります

脆弱性④ 認証回避(CWE-288)：CVE-2023-42771  
\*当該製品にアクセス可能な第三者によって、設定ファイルやログファイルをダウンロードされたり、設定ファイルやファームウェアをアップロードされる可能性があります

脆弱性⑤パストラバーサル(CWE-22)：CVE-2023-43627  
\*当該製品にログインしたユーザにより、細工されたリクエストを送られた場合、システムファイルなどの重要情報が改ざんされる可能性があります

**＜対処方法＞**

**対象製品群１ <保守対象機種>**

下表の対象製品をご使用の場合は、対策ファームウェアを弊社ホームページからダウンロードいただき、ファームウェアアップデートをお願いいたします。なお、ファームウェアアップデートを実施せずにご使用になられる場合は、 <軽減策のご案内\> に記載した内容の実施をお願いいたします。

対象製品

脆弱性①

脆弱性②

脆弱性③

脆弱性④

脆弱性⑤

対策ファームウェア

ACERA 1310

該当

\-

\-

該当

該当

ver.01.41

ACERA 1320

該当

\-

\-

該当

該当

ver.01.41

ACERA 1210

該当

該当

該当

\-

\-

ver.02.40

ACERA 1150i

該当

該当

該当

\-

\-

ver.01.40

ACERA 1150w

該当

該当

該当

\-

\-

ver.01.40

ACERA 1110

該当

該当

該当

\-

\-

ver.01.80

ACERA 1020

該当

該当

該当

\-

\-

ver.01.90

ACERA 1010

該当

該当

該当

\-

\-

ver.01.90

ACERA 950

該当

該当

該当

\-

\-

ver.01.70

ACERA 850F

該当

該当

該当

\-

\-

ver.01.70

**対象製品群２ <保守終了機種>**

下表の対象製品については、保守期間は既に終了しているため、対策として製品の使用中止を推奨いたします。また、新製品への移行をご検討ください。やむを得ずそのままご使用になられる場合は、 <軽減策のご案内\> に記載内容の実施をお願いいたします。

対象製品

脆弱性①

脆弱性②

脆弱性③

脆弱性④

脆弱性⑤

保守終了月

ACERA 900

該当

該当

該当

\-

\-

2022年2月

ACERA 850M

該当

該当

該当

\-

\-

2022年9月

ACERA 810

該当

該当

該当

\-

\-

2022年4月

ACERA 800ST

該当

該当

該当

\-

\-

2022年4月

****＜軽減策のご案内＞****

**全脆弱性共通の軽減策**

ログインID/パスワードの変更  
　\* Web設定画面へのログインID、パスワードをデフォルト値から変更してください  
　\* 一般的なパスワード生成ツールにより複雑性の高いパスワードを設定して頂くことを推奨します

無線LANアクセスポイントでのアクセス制限　※  
　\* MAC アドレスフィルタリング機能にてアクセスを許可する端末のMAC アドレスを制限してください  
　\* 無線セパレータ機能による接続端末の通信制限をしてください  
　\* IPマスカレード設定の有線LANフィルタ機能により有線側からACERAへのアクセスを禁止してください  
　※アクセス制限方法につきましては、取扱説明書をご覧ください

ネットワーク機器でのアクセス制限  
　\* ネットワーク機器によりWAN 側および LAN 側でアクセス許可しているIPセグメント以外からのアクセスを禁止してください

**脆弱性③ クロスサイトリクエストフォージェリ(CWE-352)の軽減策**

使用上のご注意  
　\* Web設定画面へログインしている間、他のWebサイトにアクセスしないでください  
　\* Web設定画面の操作終了後は、Webブラウザを終了してください

CVE-2023-43627: 【重要】無線LANアクセスポイント「STモード」における複数の脆弱性と対処方法について | 業務用wifi(無線lan)のフルノシステムズ

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

**October 2023 Product Security Bulletin**

Published 2023-10-02

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2023-20819, CVE-2023-32819, CVE-2023-32820

Medium

CVE-2023-32821, CVE-2023-32822, CVE-2023-32823, CVE-2023-32824, CVE-2023-32826, CVE-2023-32827, CVE-2023-32828, CVE-2023-32829, CVE-2023-32830

****Details****

CVE

**CVE-2023-20819**

Title

Out-of-bounds write in CDMA PPP protocol

Severity

High

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Modem LR11, LR12A, LR13, NR15, NR16, NR17

CVE

**CVE-2023-32819**

Title

Exposure of sensitive information to an unauthorized actor in display

Severity

High

Vulnerability Type

ID

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32820**

Title

Denial of service in wlan firmware

Severity

High

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8168, MT8365, MT8518S, MT8532, MT8666, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0 / Linux 4.19 / Yocto 3.1, 3.3 / IOT-v23.0

CVE

**CVE-2023-32821**

Title

Exposure of sensitive information to an unauthorized actor in video

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32822**

Title

Improper input validation in ftm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32823**

Title

Integer overflow or wraparound in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32824**

Title

Double free in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-415 Double Free

Description

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32826**

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32827**

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-32828**

Title

Integer overflow or wraparound in vpu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395

Affected Software Versions

Android 12.0 / IOT-v23.0

CVE

**CVE-2023-32829**

Title

Out-of-bounds write in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0

CVE

**CVE-2023-32830**

Title

Out-of-bounds write in TVAPI

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981

Affected Software Versions

Android 10.0, 11.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

October 2, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2023-32830: October 2023

Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.

CVE-2022-35908: Enterprise Wi-Fi System Software Release - 6.4.2

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-44015: Tenda/AC10U/8/0.md at main · aixiao0621/Tenda

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

CVE-2023-44023: Tenda/AC10U/4/0.md at main · aixiao0621/Tenda

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2023-44016: Tenda/AC10U/7/0.md at main · aixiao0621/Tenda

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.

CVE-2023-44020: Tenda/AC10U/9/0.md at main · aixiao0621/Tenda

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

**Summary**

I spotted two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code:  
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/wifi/eswifi/eswifi\_core.c#L493  
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/wifi/eswifi/eswifi\_shell.c#L43

**Details**

Potential off-by-one buffer overflow in /drivers/wifi/eswifi/eswifi\_core.c:

int eswifi\_mgmt\_iface\_status(const struct device \*dev,
			     struct wifi\_iface\_status \*status)
{
	struct eswifi\_dev \*eswifi \= dev\->data;
	struct eswifi\_sta \*sta \= &eswifi\->sta;

	/\* Update status \*/
	eswifi\_status\_work(&eswifi\->status\_work.work);

	if (!sta\->connected) {
		status\->state \= WIFI\_STATE\_DISCONNECTED;
		return 0;
	}

	status\->state \= WIFI\_STATE\_COMPLETED;
	strcpy(status\->ssid, sta\->ssid); /\* VULN: off-by-one (sta->ssid\[33\] copied over status->ssid\[32\]) \*/ 
	status\->ssid\_len \= strlen(sta\->ssid);
	status\->band \= WIFI\_FREQ\_BAND\_2\_4\_GHZ;
	status\->channel \= 0;
...

Potential static buffer overflow in /drivers/wifi/eswifi/eswifi\_shell.c:

static int eswifi\_shell\_atcmd(const struct shell \*sh, size\_t argc,
			      char \*\*argv)
{
	int i;

	if (eswifi \== NULL) {
		shell\_print(sh, "no eswifi device registered");
		return \-ENOEXEC;
	}

	if (argc < 2) {
		shell\_help(sh);
		return \-ENOEXEC;
	}

	eswifi\_lock(eswifi);

	memset(eswifi\->buf, 0, sizeof(eswifi\->buf));
	for (i \= 1; i < argc; i++) {
		strcat(eswifi\->buf, argv\[i\]); /\* VULN: static buffer overflow \*/
	}
	strcat(eswifi\->buf, "\\r");

	shell\_print(sh, "> %s", eswifi\->buf);
	eswifi\_at\_cmd(eswifi, eswifi\->buf);
	shell\_print(sh, "< %s", eswifi\->buf);

	eswifi\_unlock(eswifi);

	return 0;
}

**PoC**

I haven't tried to reproduce these potential vulnerabilities against a live install of the Zephyr OS.

**Impact**

If the unchecked inputs above are attacker-controlled and cross a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution.

CVE-2023-4259: Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver

With the number of internet blackouts on the rise, cybersecurity firm eQualitie figured out how to hide censored online news in satellite TV signals.

All over the world, walls are going up around the internet.

For years, autocratic regimes have been in a race to heighten those walls, as their citizens develop taller and taller ladders. The more they filter and block, the more their citizens come up with clever technical solutions to access the uncensored truth. There is mounting evidence, however, that repressive regimes are opting to just shut down access to the open internet entirely—and that such blackouts could become permanent.

A team of cybersecurity researchers believe they have come up with a clever new way to fight back: a trojan horse. Specifically, a satellite feed designed to look like a television station, which actually carries a payload of uncensored news and information. It’s a particularly retro solution to a very modern problem.

The program, dubbed eQsat, has been tested and is ready to be put into action during the next internet shutdown—whether it’s in Russian-occupied Ukraine, Iran, or one of the many repressive regimes that regularly block internet access.

The cybersecurity firm behind the program, eQualitie, has spent years developing tools designed for civil society in countries with aggressive internet filtering. Its mobile browser, Ceno, connects users to the open internet and serves content peer-to-peer. When a particular website is blocked or throttled, Ceno grabs a copy of the website supplied by another user who can access the site normally.

Ceno’s weakness—like all peer-to-peer services—is that it still requires some connection to the outside world to deliver blocked content. During a total shutdown, Ceno’s peer-to-peer connections are severed as well.

There are some unreliable solutions to this problem. In some cases, mobile internet or Wi-Fi can be broadcast into an area experiencing an internet shutdown—there have been plans to try to broadcast a cellular or Wi-Fi signal from Finland into Russia, for example. In North Korea, balloons with USB keys attached bring news and entertainment into one of the most heavily censored countries in the world.

But cell signals can be jammed, Starlink terminals can be triangulated, and balloons can be intercepted. The best way to deliver information into a closed country without being caught or thwarted, Jason Roks tells WIRED, is steganography: the act of camouflaging information inside another message. And eQsat is the answer to the question “How do you blend in the most?”

Roks and the team at eQualitie rented space on commercial satellites and began broadcasting their own television channel to countless home satellite receivers throughout Asia and Africa. But should anyone be flipping through the channels, the eQualitie station will be static or color bars. Anyone who records the channel to a USB key, however, would discover that one of the audio tracks is, in fact, a compressed file. Extracted on a computer, it reveals a wealth of information.

“So this is a mechanism we developed to replenish from the outside,” Roks says. “We partnered with dozens of news organizations to, basically, take a snapshot of their websites and—very much like Internet Archive, the Wayback Machine—we keep a version of their site. And we update them daily, quarterly, whatever that basis is. And that works out to about, all those sites for Russia and Ukraine, about a gig and a half of data.” That data, once extracted, can be fed into the BitTorrent network, and can update the cache for their Ceno browser.

A Tricky New Way to Sneak Past Repressive Internet Censorship

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

*   September 18, 2023
*   Advisories

**EIP-9f56ea7e**

A command injection exists in Juplink RX4-1500, a WiFi router. An authenticated attacker can exploit this vulnerability to achieve code execution as root.

Vulnerability Identifiers

*   Exodus Intelligence: EIP-9f56ea7e
*   MITRE: CVE-2023-41029

**Vulnerability Metrics**

*   CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
*   CVSSv2 Score: 7.7

**Vendor References**

*   The affected product is end-of-life and no patches are available.

**Discovery Credit**

*   Exodus Intelligence

**Disclosure Timeline**

*   Vendor response to disclosure: July 30, 2020
*   Disclosed to public: September 18, 2023

**Further Information**

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Tag

#wifi