Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. score of 6.8.

Hacking 135

Hacking Firmware Encryption Manufacturing 135

Security Affairs

DECEMBER 8, 2020

Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The third flaw is an Authenticated Crontab Injection that could allow an authenticated user to inject arbitrary CRON entries that will then be executed as root.

VPN 131

VPN Hacking Firmware Authentication 131

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA ) CISA orders federal agencies to fix these vulnerabilities by June 6, 2024.

Firmware 127

Firmware Authentication Passwords Hacking 127

Security Affairs

NOVEMBER 2, 2024

Affected devices use VHD PTZ camera firmware < 6.3.40 is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. . “Organizations using VHD PTZ camera firmware < 6.3.40 CVE-2024-8957 (CVSS score of CVSS 7.2)

Firmware 119

Firmware Manufacturing IoT Healthcare 119

Security Affairs

JUNE 14, 2024

CVE-2024-4358 is an authentication bypass vulnerability that an unauthenticated attacker can exploit to gain access to Telerik Report Server restricted functionality. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, Android Pixel)

Firmware 129

Firmware Authentication Hacking Cybersecurity 129

Security Affairs

DECEMBER 30, 2022

The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible. “NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability” reads the advisory published by the company.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5) CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2) CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5)

Hacking 98

Hacking Firmware Authentication Software 98

Security Affairs

JUNE 19, 2024

The allegedly stolen data includes information on future products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation. It’s unclear if the data is authentic and which it the source.

Data breaches 136

Data breaches Firmware Cybercrime Media 136

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance 102

Surveillance Hacking Firmware Manufacturing 102

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

NOVEMBER 25, 2024

According to the advisory, the attack is only possible if the device is configured to use User-Based-PSK authentication and has a valid user with a username longer than 28 characters. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 ” reads the advisory published by the vendor.

Firewall 73

Firewall Ransomware VPN Firmware 73

Security Affairs

JUNE 5, 2024

CVE-2024-29975 : This improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 and NAS542 devices could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. The vulnerabilities affect NAS326 running firmware versions 5.21(AAZF.16)C0

Firmware 125

Firmware Authentication Manufacturing Hacking 125

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication 130

Authentication Firmware Hacking Engineering 130

Pen Test Partners

SEPTEMBER 25, 2024

Despite increasing OS, firmware and hardware protections, enterprise systems and remote DMA-enabled networks such as cloud environments continue to be vulnerable to DMA attacks. Malware that has already compromised a system could modify firmware to gain privileges within the system via DMA. What is DMA?

Risk 59

Risk Hacking Firmware Passwords 59

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. SecurityAffairs – hacking, Dahua cameras).

Authentication 144

Authentication Firmware Hacking Engineering 144

Security Affairs

SEPTEMBER 6, 2021

Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart switches used on businesses. The flaws affected multiple products including the following smart switches, below is the list of the impacted devices and related firmware fixes: GC108P fixed in firmware version 1.0.8.2

Firmware 127

Firmware Authentication Passwords Hacking 127

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. The bootkit hooks UEFI authentication functions to bypass the Secure Boot mechanism and patches GRUB boot loader functions to evade additional integrity verifications. ” concludes the report.

Firmware 58

Firmware Manufacturing Malware Authentication 58

Security Affairs

JANUARY 22, 2021

The experts discovered that Amazon did not verify the authenticity of the email sender, this means that attackers can spoof an email address that is present in the list of approved addresses. Experts also published a video PoC of the KindleDRIP exploit chain on a new Kindle 10 running firmware version 5.13.2. Pierluigi Paganini.

Hacking 144

Hacking Authentication Firmware Phishing 144

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. ” reads the advisory published by ZDI.

Firmware 98

Firmware Authentication Software Hacking 98

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 142

Firmware Authentication Hacking Software 142

Security Affairs

OCTOBER 4, 2023

WLAN Firmware Internal CVE-2023-24855 : Use of Out-of-range Pointer Offset in Modem. CVE-2023-28540 : Improper Authentication in Data Modem. The flaw is a cryptographic issue in the Data Modem caused by the improper authentication during TLS handshake. CVE-2023-33028 : Buffer Copy without Checking Size of Input in WLAN Firmware.

Firmware 124

Firmware Surveillance Authentication Manufacturing 124

Security Affairs

AUGUST 2, 2024

“Commands can be injected over the network and executed without authentication.” ” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. ” reads the advisory published by CISA.

Firmware 128

Firmware Firewall Risk Authentication 128

Security Affairs

AUGUST 22, 2024

The identity authentication bypass vulnerability found in some Dahua products during the login process. “The The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.”

Authentication 99

Authentication Firmware Hacking Engineering 99

Security Affairs

MARCH 8, 2020

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. NETGEAR strongly recommends that you download the latest firmware as soon as possible.” Pierluigi Paganini.

Firmware 141

Firmware Wireless Advertising Authentication 141

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. ” reads the advisory published by Zyxel.

Firmware 98

Firmware Firewall Authentication VPN 98

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” reads the post published by Eclypsium.

Hacking 104

Hacking Firmware Media Authentication 104

Security Affairs

NOVEMBER 27, 2024

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. The bootkit hooks UEFI authentication functions to bypass the Secure Boot mechanism and patches GRUB boot loader functions to evade additional integrity verifications.

Firmware 62

Firmware Authentication Malware Hacking 62

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Firmware 145

Firmware Spyware Surveillance Hacking 145

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

SEPTEMBER 4, 2024

“D-Link DIR-846W Firmware A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44342) via the wl(0).(0)_ssid The fourth issue addressed by the company is a high-severity RCE vulnerability, tracked as CVE-2024-44340 (with a CVSS score of 8.8), which can be exploited by an authenticated attacker.

Firmware 121

Firmware IoT Authentication Hacking 121

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The malicious build interferes with the authentication in sshd through systemd.

Firmware 133

Firmware Authentication Engineering Hacking 133

Security Affairs

DECEMBER 31, 2021

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. ” states Tenable. .

Firmware 143

Firmware Encryption Authentication Passwords 143

Security Affairs

MAY 4, 2023

In order to exploit the flaw, an attacker has to upgrade an affected device to a crafted version of the firmware. “This vulnerability is due to a missing authentication process within the firmware upgrade function.” “Cisco has not released firmware updates to address this vulnerability.

Firmware 98

Firmware Education Media Authentication 98

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 117

Firmware Ransomware Passwords Mobile 117

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 98

Firmware Authentication Passwords Hacking 98

Security Affairs

JUNE 16, 2024

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones Google fixed an actively exploited zero-day (..)

Data breaches 122

Data breaches Hacking Ransomware Malware 122