Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

CVE-2022-45440: Zyxel security advisory for cleartext storage of WiFi credentials and improper symbolic links of FTP for AX7501-B0 CPE | Zyxel Networks

A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.

CVE
Open in Source
#vulnerability#auth#wifi
Android TV Box Sold on Amazon Contain Malware

By Deeba Ahmed The affected device was a T95 Android TV box that came with sophisticated, persistent, and pre-installed malware embedded in its firmware. This is a post from HackRead.com Read the original post: Android TV Box Sold on Amazon Contain Malware

Mikko Hypponen’s opinion on the technological revolution

By Owais Sultan Mikko Hypponen, Chief Research Officer at WithSecure (Formerly F-Secure), is considered one of the best cybersecurity speakers in… This is a post from HackRead.com Read the original post: Mikko Hypponen’s opinion on the technological revolution

CVE-2022-3628

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

CVE-2022-43392: Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders | Zyxel Networks

A buffer overflow vulnerability in the parameter of web server in Zyxel Nebula NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

CVE-2022-38105: TALOS-2022-1590 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

CVE-2022-38393: TALOS-2022-1592 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2022-35401: TALOS-2022-1586 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered

Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable via

Polite WiFi loophole could allow attackers to drain device batteries

Categories: News Tags: polite WiFi Tags: WiPeep Tags: triangulation Tags: battery drain Researchers have found that the WiFi protocol is a bit too polite when acknowledging received packets from outside the own network. (Read more...) The post Polite WiFi loophole could allow attackers to drain device batteries appeared first on Malwarebytes Labs.