Security Affairs

AUGUST 2, 2024

“Commands can be injected over the network and executed without authentication.” ” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. ” reads the advisory published by CISA.

Firmware 130

Firmware Firewall Risk Authentication 130

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall 275

Firewall Firmware VPN IoT 275

Malwarebytes

AUGUST 9, 2021

Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.”.

Firmware 132

Firmware DDOS Internet Internet 132

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business. As an increasing number of connected devices are deployed within IoT ecosystems, enterprises need to identify and authenticate them. Digital Code Signing.

Manufacturing 89

Manufacturing Internet Internet IoT 89

Security Affairs

MAY 11, 2023

“Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” We are in the final!

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance 145

Surveillance Manufacturing Passwords Internet 145

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. “The switch internal management web application in firmware versions prior to 2.6.0.43 ” reads the advisory published by NCC Group.”

Firmware 143

Firmware Authentication Hacking Software 143

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware 130

Firmware Wireless Passwords Internet 130

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. Modern digital systems simply could not exist without trusted operations, processes and connections. Failure is not an option.

Digital transformation 214

Digital transformation Cybersecurity Computers and Electronics Encryption 214

Malwarebytes

FEBRUARY 16, 2023

Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers’ telephony and internet access.

Firmware 98

Firmware Authentication Passwords Internet 98

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. “Firmware Update 8.2B

Firmware 114

Firmware Manufacturing Passwords Penetration Testing 114

Security Affairs

MARCH 9, 2022

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices. The researchers discovered that the firmware upgrades are not properly signed and validated. ” continues Armis.

Firmware 100

Firmware IoT Authentication Backups 100

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 145

Authentication Firmware Hacking Engineering 145

Security Boulevard

AUGUST 14, 2024

To backtrack a little , it's important to understand that a lot of threat actors target routers - which can include modems and gateways - alongside internet-of-things (IoT devices). Security vulnerabilities in router firmware is too large of a topic to cover in just a section of this post.

Firmware 64

Firmware Manufacturing Malware Passwords 64

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” reported the SektorCERT.

Cyber Attacks 139

Cyber Attacks Firmware Firewall VPN 139

Malwarebytes

AUGUST 24, 2021

Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. The vulnerabilities were found and disclosed by IoT Inspector , a platform for automated security analysis of IoT firmware. Vulnerabilities.

Firmware 100

Firmware IoT Internet Internet 100

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 230

Risk VPN Internet Internet 230

The Last Watchdog

JANUARY 22, 2024

ChargePoint, with its last firmware update, has disabled the HTTP server and updated the NTP client to address the issues. During the firmware analysis, Sternum identified: •an outdated HTTP server, •deprecated NTP client with known vulnerabilities, •deprecated kernel, and •device certificates with unlimited expiration time (See figure 1).

IoT 100

IoT InfoSec Firmware Manufacturing 100

Security Affairs

AUGUST 31, 2020

Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. QNAP addressed the vulnerability with the release of firmware version 4.3.3 The researchers discovered that the issue resides in the CGI program. /httpd/cgi-bin/authLogout.cgi.

Firmware 145

Firmware Advertising Malware Internet 145

eSecurity Planet

AUGUST 20, 2024

August 12, 2024 Ivanti Runs Into Snag With Virtual Traffic Manager Type of vulnerability: Authentication bypass. The problem: Ivanti Virtual Traffic Manager has a vulnerability that could lead to authentication bypass and subsequent creation of an administrator when exploited. Install Web Help Desk version 12.8.3

Authentication 106

Authentication Firmware Technology Spyware 106

eSecurity Planet

JANUARY 16, 2024

Potential results of the exploits include authentication bypass and command injection. January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

SEPTEMBER 4, 2024

“D-Link DIR-846W Firmware A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44342) via the wl(0).(0)_ssid The fourth issue addressed by the company is a high-severity RCE vulnerability, tracked as CVE-2024-44340 (with a CVSS score of 8.8), which can be exploited by an authenticated attacker.

Firmware 123

Firmware IoT Authentication Hacking 123

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

Invariably, Internet of Things (IoT) strategies form the backbone of those efforts. According to research from the Ponemon Institute, almost half (42 per cent) of IoT devices will use digital certificates for authentication in the next two years. The goal is then to analyse it and take impactful action.

Internet 66

Internet Internet IoT Manufacturing 66

Security Affairs

DECEMBER 9, 2021

. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.” TP-Link addressed the flaw on November 12, 2021 with the release of the firmware update TL-WR840N(EU)_V5_211109.

Firmware 145

Firmware Architecture Malware Hacking 145

SecureList

JUNE 20, 2023

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. We later managed to extract the firmware from the EEPROM for further static reverse engineering.

Firmware 96

Firmware Passwords Manufacturing Mobile 96

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet.

IoT 356

IoT Firmware Risk Manufacturing 356

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor.

Firmware 124

Firmware Passwords Authentication Wireless 124

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.

Firmware 117

Firmware Manufacturing Software Authentication 117

Security Affairs

AUGUST 13, 2023

The experts pointed out that the exploiting the vulnerabilities requires user authentication, as well as deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses. Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0

Authentication 98

Authentication Firmware Hacking Passwords 98

Pen Test Partners

SEPTEMBER 9, 2024

Privacy and Passwords: Two-step verification is done by default, but multi-factor authentication (MFA) is recommended. While 2SV is a valuable security measure, it is less robust than multi-factor authentication (MFA). SimpliSafe quickly fixed this with a firmware update. Who is Ring? Strong password practices are advised.

Firmware 64

Firmware Encryption Passwords Authentication 64

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall 136

Firewall Firmware Cyber Attacks VPN 136

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware 130

Firmware Wireless Authentication Advertising 130

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. The flaw could be exploited by an attacker to remotely execute code taking over the device. ” states the advisory.

Firmware 140

Firmware Authentication Mobile IoT 140

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet.

IoT 134

IoT Firmware Internet Internet 134

CyberSecurity Insiders

AUGUST 13, 2021

Tenable researchers claim hackers are exploiting a security flaw termed authentication-bypass vulnerability that is impact routers and internet of things (IoT) devices. What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan.

Firmware 136

Firmware DDOS Malware Manufacturing 136