SSD Advisory – NVMS9000 Information Disclosure

Summary: The NVMS9000 product by TVT has a critical security flaw that allows remote unauthenticated attackers to obtain a wealth of information on the device including, but not limited to, usernames and passwords, network configuration, etc. This

SSD Advisory – D-Link DIR-X4860 Security Vulnerabilities

Summary: Security vulnerabilities in DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root. By combining an authentication bypass with command execution the device can

SSD Advisory – IP.Board ‘nexus’ RCE and Blind SQLi

Summary: IP.Board e-commerce plugin ‘nexus’ contains two security vulnerabilities that, when combined, can be used to trigger a pre-auth RCE in AdminCP. Credit: An independent security researcher, Egidio Romano from Karma(In)Security, working with SSD Secure

SSD Advisory – Uniview IPC2322LB Auth Bypass and CLI escape

Summary: The way the Uniview IPC2322LB processes authentication requests allows remote attackers to bypass the authentication process and gain unauthorized access. If this is combined with a CLI escape, the Uniview device’s security can be completely compromised.

SSD Advisory – TP-Link NCXXX Authentication Bypass

Summary: A vulnerability exists in the TP-Link NCXXX family of devices that allows accessing the device without credentials. Chained with well-known and currently unpatched post-auth vulnerabilities, this allows for the complete compromise of

SSD Advisory – TOTOLINK LR1200GB Auth Bypass

Summary: A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface. Additional post-auth vulnerabilities in the product allow for command injection and their

SSD Advisory – WifiKey AC Gateway Pre-auth RCE

Summary: A vulnerability exists in WifiKey’s AC Gateway that allows remote attackers to trigger a pre-auth RCE in the product, allowing complete compromise of the device. Credit: An independent security researcher working with SSD Secure


