Category Archives: Advisories

Read Time:16 Second

This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7546.

Advisories

ZDI-24-1085: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1083: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1082: (0Day) (Pwn2Own) oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability

August 5, 2024

Read Time:16 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7542.

Advisories

ZDI-24-1081: (0Day) (Pwn2Own) oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1080: (0Day) (Pwn2Own) oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1079: (0Day) (Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1078: (0Day) (Pwn2Own) oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability

August 5, 2024

Read Time:16 Second

Advisories

ZDI-24-1077: (0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability

August 5, 2024

Read Time:12 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7537.

News, Advisories and much more

Exit mobile version

Cyber Security News

Category Archives: Advisories

ZDI-24-1086: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-24-1085: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-24-1083: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

ZDI-24-1082: (0Day) (Pwn2Own) oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability

ZDI-24-1081: (0Day) (Pwn2Own) oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability

ZDI-24-1080: (0Day) (Pwn2Own) oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

ZDI-24-1079: (0Day) (Pwn2Own) oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability

ZDI-24-1078: (0Day) (Pwn2Own) oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability

ZDI-24-1077: (0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability

News, Advisories and much more