Monthly Archives: February 2022

Advisories

Backdoor.Win32.FTP.Ics / Port Bounce Scan (MITM)

Read Time:21 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18ac_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Port Bounce Scan (MITM)
Description: The malware listens on TCP port 5554 and accepts any
credentials. Third-party intruders who successfully logon can abuse the
backdoor FTP server as a man-in-the-middle…

Read More

Advisories

Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18ac_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5555. Third-party attackers
who can reach the system can run commands made available by the backdoor
hijacking the…

Read More

Advisories

Backdoor.Win32.FTP.Ics / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18ac_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5555. Third-party attackers
who can reach the system can run commands made available by the backdoor
hijacking the…

Read More

Advisories

Backdoor.Win32.FTP.Ics / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 5554. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may then…

Read More

Advisories

Backdoor.Win32.FTP.Ics / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 5554. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may then…

Read More

Advisories

Backdoor.Win32.Acropolis.10 / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c3e2bbe5dca96687422f2b4e8c80f4ce.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…

Read More

Advisories

Backdoor.Win32.Acropolis.10 / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Feb 24

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/c3e2bbe5dca96687422f2b4e8c80f4ce.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…

Read More

Advisories

CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies

Read Time:23 Second

Posted by YEUNG, Tsz Ko on Feb 24

Hi all,

I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:

Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)

Vulnerable software download link:…

Read More

Advisories

CVE request for the DLL-Hijacking vulnerability found in ToolBox-V1.010.0000000.0 from Dahua Technologies

Read Time:23 Second

Posted by YEUNG, Tsz Ko on Feb 24

Hi all,

I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:

Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)

Vulnerable software download link:…

Read More