HNS-2022-02 – HN Security Advisory – Multiple vulnerabilities in Zyxel zysh

Read Time:21 Second

Posted by Marco Ivaldi on Jun 10

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.

* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:…

Read More

Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script “.bat” file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can…

Read More

Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g….

Read More

Trojan-Proxy.Win32.Symbab.o / Heap Corruption

Read Time:20 Second

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Proxy.Win32.Symbab.o
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 8080. Attackers who can reach
an infected system can send a corrupt HTTP request for the “redirecturl”
parameter causing…

Read More

Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Banker.Win32.Banker.agzg
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to c drive granting change (C)
permissions to the authenticated user group. Standard users can rename the
executable dropped…

Read More

Ransom.Haron / Code Execution

Read Time:20 Second

Posted by malvuln on Jun 10

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Haron
Vulnerability: Code Execution
Description: Haron looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption….

Read More

[SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

Read Time:16 Second

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-014
Product: Fingerprint Secure Portable Hard Drive
Manufacturer: Verbatim
Affected Version(s): #53650
Tested Version(s): #53650
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution…

Read More

[SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD – Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Read Time:18 Second

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-011
Product: Executive Fingerprint Secure SSD
Manufacturer: Verbatim
Affected Version(s): GDMSFE01-INI3637-C VER1.1
Tested Version(s): GDMSFE01-INI3637-C VER1.1
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date:…

Read More

[SYSS-2022-006]: Verbatim Store ‘n’ Go Secure Portable HDD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Read Time:17 Second

Posted by Matthias Deeg on Jun 10

Advisory ID: SYSS-2022-006
Product: Store ‘n’ Go Secure Portable HDD
Manufacturer: Verbatim
Affected Version(s): GD25LK01-3637-C VER4.0
Tested Version(s): GD25LK01-3637-C VER4.0
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status: Open
Manufacturer…

Read More