The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.
Category Archives: Advisories
DSA-5301 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or information disclosure.
Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption
Posted by malvuln on Dec 13
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0)
Vulnerability: Insecure Proprietary Password Encryption
Family: CyberGate
Type: PE32
MD5: 618f28253d1268132a9f10819a6947f2
Vuln ID:…
Re: CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh
Posted by Thomas Weber on Dec 13
CyberDanube Security Research 20221009-0
——————————————————————————-
title| Authenticated Command Injection
product| Intelbras WiFiber 120AC inMesh
vulnerable version| 1.1-220216
fixed version| 1-1-220826
CVE number| CVE-2022-40005
impact| High
…
SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 13
SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
=======================================================================
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAP® Host Agent (saposcol)
vulnerable version: see section “Vulnerable / tested versions”
fixed version: see SAP security note 3159736
CVE…
Vulnerabilities Disclosure – Shoplazza Stored XSS
Posted by Andrey Stoykov on Dec 13
# Exploit Title: Shoplazza 1.1 – Stored Cross Site Scripting
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04
Stored XSS #1:
To reproduce do the following:
1. Login as normal user account
2. Browse “Blog Posts” -> “Manage Blogs” -> “Add Blog Post”
3. Select “Title” and enter payload…
Multiple Vulnerabilities in VMware vRealize Network Insight (vRNI) Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in VMware vRealize Network Insight (vRNI), the most severe of which could result in arbitrary code execution. VMware vRealize Network Insight (vRNI) is an IT management platform which enables visibility, optimization and management of an organization’s physical, virtual and cloud infrastructure. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR) and Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
IPS Spike Observed in “TP-Link.Tapo.C200.IP.Camera.Command.Injection”
On December 11th, 2022, FortiGuard Labs observed a significant spike in IPS signature “TP-Link.Tapo.C200.IP.Camera.Command.Injection”. The IPS signature is for CVE-2021-4045 and detects an attack to exploit a Command Injection vulnerability in TP-Link Tapo C200 IP Camera. Successful exploitation of the vulnerability allows remote attackers to gain control of vulnerable devices.Why is this Significant?This is significant due to the detection spike in our IPS signature, which indicates attackers are attempting to exploit TP-Link Tapo C200 IP Camera devices vulnerable to CVE-2021-4045. Also, proof-of-concept (PoC) code for CVE-2021-4045 is readily available. As such, firmware updates need to be applied to the vulnerable devices as soon as possible.What is CVE-2021-4045?CVE-2021-4045 is a Command Injection vulnerability in TP-Link Tapo C200 IP Camera. Successful exploitation of the vulnerability allows remote attackers to gain control of vulnerable devices. CVE-2021-4045 impacts Tapo C200 version 1.15 and below and has a CVSS score of 9.8. How Widespread is the Attack?Based on the telemetry collected by FortiGuard Labs last 24 hours, 24.55% of the detected exploit attempts came from unidentified countries, followed by Japan (22.48%) and the United States (13.95%).Top 10 Countries where “TP-Link.Tapo.C200.IP.Camera.Command.Injection” was Detected last 24 hours
Country
Percentage
Unknown
24.55%
Japan
22.48%
United States
13.95%
Italy
5.43%
Austria
3.88%
Switzerland
2.84%
Netherlands
2.58%
Germany
2.33%
Belgium
2.07%
Canada
2.07%
Has the Vendor Released a Patch for CVE-2021-4045?Yes, the vendor released firmware with a fix.
Cobalt Mirage Affiliate Deployed Drokbk Malware
FortiGuard Labs is aware of a report that the “Cluster B” group who is an alleged affiliate to the Iranian threat actor “Cobalt Mirage” deployed Drokbk malware to victims’ machines. Drokbk uses Github to retrieve a Command-and-Control (C2) server location. According to the report, the Cluster B threat actor was observed to have used Drokbk in an attack against a U.S. government network in early 2022.Why is this Significant?This is significant because Drokbk malware was reportedly deployed to a compromised U.S. government networks in early 2022. Security vendor Secureworks attributed Drokbk to the “Cluster B” group who is an affiliate to an alleged Iranian threat actor “Cobalt Mirage”.What is Drokbk Malware?Drokbk is a .NET malware which prime functionality is to execute remote commands served from its Command-and-Control (C2) servers. The malware is designed to retrieve C2 locations from publicly available services such as Github.According to Secureworks, Drokbk was deployed to a U.S. government network in early February 2022 compromised by leveraging Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046).FortiGuard Labs previously released Outbreak Alert and Threat Signal for Log4j vulnerabilities. See the Appendix for a link to “Outbreak Alert: Apache Log4j2 Vulnerability” and “Apache Log4J Remote Code Execution Vulnerability (CVE-2021-44228)”.What is the Status of Coverage?FortiGuard Labs detect available samples in the report with the following AV signatures:MSIL/Agent.3606!trW64/MaliceyElie.84DB!trW32/PossibleThreatPossibleThreatFortiGuard Labs has IPS coverage in place for CVE-2021-44228 and CVE-2021-45046:Apache.Log4j.Error.Log.Remote.Code.ExecutionAll network IOCs in the report are blocked by Webfiltering.