Vulnerabilities in Internet Radio auna IR-160 SE (UIProto)

Read Time:25 Second

Posted by naphthalin via Fulldisclosure on Sep 04

The internet radio device auna IR-160 SE has multiple vulnerabilities.
It uses the firmware UIProto, different versions of which can also be
found in many other radios.

1. The firmware offers a rudimentary web API that can be reached on the
local network on port 80. This API is completely unauthenticated,
allowing anyone to control the radio over the local network. (already
known as CVE-2019-13474, but relevant for the other two findings)…

USN-7430-1: Dino vulnerability

Kim Alvefur discovered that Dino did not correctly sanitize certain messages. A remote attacker could possibly use this issue to...

April 9, 2025

USN-7346-3: OpenSC vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem....

April 9, 2025

USN-7426-2: poppler vulnerabilities

USN-7426-1 fixed several vulnerabilities in poppler. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS....

April 9, 2025

fish-3.7.1-2.el9

FEDORA-EPEL-2025-cd25b2c8a7 Packages in this update: fish-3.7.1-2.el9 Update description: Fixes a security issue that requires updating to fish >= 3.6.2 See...

April 9, 2025