Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection. ZigBee is an IEEE 802.15.4-based

Hacking 141

Hacking IoT Wireless Firmware 141

Security Affairs

MARCH 8, 2020

Netgear is warning users of a critical remote code execution flaw that could allow an unauthenticated attacker to take control of its wireless routers. “NETGEAR has released fixes for a unauthenticated remote code execution security vulnerability on the following product models: R7800, running firmware versions prior to 1.0.2.68.

Firmware 144

Firmware Wireless Advertising Authentication 144

Security Affairs

JUNE 13, 2020

D-Link has released a firmware update to address three security flaws impacting the DIR-865L home router model, but left some issue unpatched. D-Link has recently released a firmware update to address three out of six security flaws impacting the DIR-865L wireless home router. SecurityAffairs – D-Link DIR-865L, hacking).

Firmware 108

Firmware Wireless Advertising Risk 108

Security Affairs

AUGUST 27, 2020

Example of available open printers on a single IoT search engine (Shodan.io): As we can see, many users and organizations still use internet-connected devices without thinking about security, installing firmware updates, or taking into account the implications of leaving their devices publicly accessible. Change the default password. .

Hacking 145

Hacking IoT Firmware Internet 145

Security Affairs

DECEMBER 30, 2022

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk , Wireless AX Nighthawk (WiFi 6) , and Wireless AC router models.

Firmware 98

Firmware Wireless Authentication Hacking 98

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. SecurityAffairs – Zyxel, hacking). ” reads the advisory.

DNS 97

DNS Hacking Firmware Wireless 97

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 111

Passwords Hacking Wireless Authentication 111

Security Affairs

APRIL 19, 2019

Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. Below the details for the flaws: Vulnerabilities in the open source brcmfmac driver: • CVE-2019-9503 : If the brcmfmac driver receives the firmware event frame from the host, the appropriate handler is called.

Hacking 111

Hacking Firmware Advertising Wireless 111

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router.

Firmware 128

Firmware Wireless Passwords Internet 128

Security Affairs

FEBRUARY 4, 2021

.” The IT giant revealed that the vulnerabilities affect the following Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.01.02: RV160 VPN Router RV160W Wireless-AC VPN Router RV260 VPN Router RV260P VPN Router with POE RV260W Wireless-AC VPN Router. Pierluigi Paganini.

VPN 127

VPN Small Business Wireless Firmware 127

Security Affairs

DECEMBER 13, 2021

According to the research paper published by the experts, modern mobile devices use separate wireless chips to manage wireless technologies, such as Bluetooth, Wi-Fi, and LTE. The researchers explained that it is possible to use these shared resources to launch lateral privilege escalation attacks across wireless chip boundaries.

Wireless 114

Wireless Firmware Mobile Passwords 114

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Security Affairs

NOVEMBER 11, 2021

Below is the list of exploits used by the bot: Vulnerability Affected devices CVE-2020-8515 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices CVE-2015-2051 D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT 139

IoT Firmware Malware Wireless 139

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” ” Experts pointed out that when an iPhone is turned off, most wireless chips (Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB)) continue to operate. .”

Malware 98

Malware Wireless Firmware Mobile 98

Security Affairs

DECEMBER 17, 2023

A close look at the ongoing campaign revealed that the bot also targets wireless LAN routers built for hotels and residential applications. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier. and earlier (5.0.0 released June 21, 2014).

Firmware 138

Firmware Wireless DDOS IoT 138

Security Affairs

SEPTEMBER 8, 2020

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. ” continues the report.

Firmware 128

Firmware Wireless Authentication Advertising 128

Security Affairs

SEPTEMBER 19, 2022

The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. . SecurityAffairs – hacking, Log4Shell). Pierluigi Paganini.

Wireless 102

Wireless Firmware Passwords Engineering 102

Security Affairs

AUGUST 12, 2019

The expert explained that the attackers can set up a rogue WiFi access point and exploit wireless connection feature of the Canon EOS 80D DSLR cameras, another scenario sees attacker compromising the device through the PC it connects to. Owners of Canon EOS 80D DSLR can address the issues by installing the firmware version 1.0.3.

Ransomware 111

Ransomware Firmware Wireless Encryption 111

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. Affected devices implement wireless capabilities and cover a wide spectrum of use cases: from residential gateways, travel routers, Wi-Fi repeaters, IP cameras to smart lightning gateways or even connected toys.” Pierluigi Paganini.

IoT 132

IoT Firmware Internet Internet 132

Security Affairs

APRIL 17, 2020

The issue affects the following Cisco products if they have web access enabled and are running a firmware release earlier than the first fixed release for that device: IP Phone 7811, 7821, 7841, and 7861 Desktop Phones IP Phone 8811, 8841, 8845, 8851, 8861, and 8865 Desktop Phones Unified IP Conference Phone 8831 Wireless IP Phone 8821 and 8821-EX.

Big data 138

Big data Wireless Advertising Firmware 138

Security Affairs

AUGUST 1, 2023

Keep the printer’s firmware and software up to date and disable unnecessary services or protocols on the printer that are not required for its intended function. This isolates it from sensitive systems and data, reducing the impact of a compromise.

Wireless 98

Wireless Passwords Firmware Authentication 98

Security Affairs

APRIL 25, 2021

“The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor.

Firmware 121

Firmware Passwords Authentication Wireless 121

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 If possible, enable automatic firmware updates. SecurityAffairs – hacking, Zyxel). Commands are executed as the nobody user.” through ZLD V5.21 through ZLD V5.21

Firewall 98

Firewall Firmware VPN Wireless 98

eSecurity Planet

MARCH 3, 2023

WPA2 is a security protocol that secures wireless networks using the advanced encryption standard (AES). The protocol protects your incoming and outgoing internet traffic and makes it difficult for cyber criminals to intercept your data or hack your device. If this option is not available, you may need to upgrade the router firmware.

Wireless 98

Wireless Encryption Passwords IoT 98

Malwarebytes

AUGUST 2, 2021

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root. The Olympics : a timeline of scams, hacks, and malware. Source: The New York Times) NSA issues guidance on securing wireless devices in public settings. Here’s why. BlackMatter, a new ransomware group , claims link to DarkSide, REvil.

Wireless 102

Wireless Password Management Firmware Passwords 102

Security Affairs

DECEMBER 25, 2018

The researchers noticed that many of the devices found to be leaking their WiFi password use the same password to access the configuration panel and the wireless network. “This allows allow any remote user to easily access the device and maliciously modify the device settings or firmware. admin/admin). Pierluigi Paganini.

Passwords 110

Passwords Wireless Advertising Firmware 110

Security Affairs

DECEMBER 9, 2022

Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). SecurityAffairs – hacking, IP phones). Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks.

Wireless 110

Wireless Firmware Hacking Information Security 110

Security Affairs

JULY 24, 2018

The issue tracked as CVE-2018-5383 affects the Secure Simple Pairing and LE Secure Connections features, it affects firmware or drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm. According to Intel , the vulnerability affects the Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC product families.

Wireless 66

Wireless Firmware Advertising Encryption 66

Security Affairs

SEPTEMBER 20, 2020

. “Once the attacker gains full access to the device through the botnet, the firmware level can be changed and additional malware can be planted on the device.” SecurityAffairs – hacking, Mozi botnet). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT 145

IoT DDOS Architecture Passwords 145

Security Affairs

AUGUST 13, 2018

Security researcher has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices.

Wireless 72

Wireless Firmware Manufacturing Advertising 72

Security Affairs

OCTOBER 6, 2018

An attacker needs to share on the same wireless network as the Sony TV in order to trigger the vulnerability. Click the Firmware update link for details about how to check the software version. Security Affairs – Sony Bravia, hacking ). ” reads the blog post published by Fortinet. Pierluigi Paganini.

Advertising 111

Advertising IoT Wireless Firmware 111

Security Affairs

NOVEMBER 1, 2018

” At the time it is not clear the exact number of affected devices, it has been estimated that Cisco and Aruba Networks provide 70% of the wireless access points sold to enterprises every year. The flaw can only be exploited if the device using the chip has the over-the-air firmware download (OAD) feature enabled. or earlier.

Firmware 105

Firmware Manufacturing IoT Advertising 105

Malwarebytes

MARCH 22, 2024

The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. Flipper Zero made headlines in October because versions running third-party firmware could be used to crash iPhones running iOS 17 (since resolved in iOS 17.2).

Penetration Testing 130

Penetration Testing Wireless Firmware Technology 130

Security Affairs

AUGUST 23, 2022

.” If the wpa_supplicant system app (which allows controlling wireless connections) was involved in the launch of the backdoor, Android.BackDoor.3104 It allows a remote or local client to connect and operate in the “mysh” console application, which must first be installed on the device or initially present in its firmware.

Mobile 98

Mobile Firmware Malware Wireless 98

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: Netgear addressed the flaws with the release of the firmware version 4.6.14.3 ” states Talos. on January 19, 2023.

Wireless 98

Wireless Firmware Authentication Passwords 98

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Artificial Intelligence 98