Code Execution

Find out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code.

TL;DR Find out how multiple vulnerabilities in Hongdian H8922 allow an attacker to run arbitrary commands on the device with root privileges as well as access the device with root privileges via a backdoor account. Vulnerability Summary The H8922 “4G industrial router is based on 3G/4G wireless network and adopts a high-performance 32-bit embedded operating …

SSD Advisory – Hongdian H8922 Multiple Vulnerabilities Read More »

TL;DR Find out how a vulnerability in OverlayFS allows local users under Ubuntu to gain root privileges. Vulnerability Summary An Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this …

SSD Advisory – OverlayFS PE Read More »

TL;DR Find out how a memory corruption vulnerability can lead to a pre-auth remote code execution on QNAP QTS’s Surveillance Station plugin. Vulnerability Summary QNAP NAS with “Surveillance Station Local Display function can perform monitoring and playback by using an HDMI display to deliver live Full HD (1920×1080) video monitoring”. Insecure use of user supplied …

SSD Advisory – QNAP Pre-Auth CGI_Find_Parameter RCE Read More »

TL;DR Find out how multiple vulnerabilities in NetMotion Mobility Server allow an unauthenticated attacker to run arbitrary code on the server with SYSTEM privileges. Vulnerability Summary NetMotion Mobility is “standards-compliant, client/server-based software that securely extends the enterprise network to the mobile environment. It is mobile VPN software that maximizes mobile field worker productivity by maintaining …

SSD Advisory – NetMotion Mobility Server Multiple Deserialization of Untrusted Data Lead to RCE Read More »