Category Archives: Advisories

# Exploit Title: Authenticated Code Injection – smfv2.1.4
# Date: 8/2024
# Exploit Author: Andrey Stoykov
# Version: 2.1.4
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html

Code Injection Authenticated:

Steps to Reproduce:

1. Login as admin
2. Browse to “Current Theme”
3. Click on “Modify Themes” > “SMF Default Theme”
4. Click on…

Advisories

Improper Authentication (CWE-287) CVE-2024-33897

August 18, 2024

Read Time:18 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-043
Product: Ewon Cosy+ / Talk2M Remote Access Solution
Manufacturer: HMS Industrial Networks AB
Affected Version(s): N.A.
Tested Version(s): N.A.
Vulnerability Type: Improper Authentication (CWE-287)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-04-17
Solution Date: 2024-04-18
Public Disclosure:…

Advisories

Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894

August 18, 2024

Read Time:18 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-033
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: all versions
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Execution with Unnecessary Privileges (CWE-250)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2024-04-10
Solution Date: Not…

Advisories

Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895

August 18, 2024

Read Time:19 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-032
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2024-04-10
Solution…

News, Advisories and much more

Exit mobile version