Category Archives: Advisories

USN-7371-1: FreeRDP vulnerabilities

Read Time:37 Second

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32458)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
FreeRDP clients and servers to crash, resulting in a denial of service.
(CVE-2024-32459)

It was discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32659, CVE-2024-32660)

Read More

ZDI-25-187: (0Day) BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability

Read Time:15 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-2773.

Read More

ZDI-25-183: (0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2769.

Read More

ZDI-25-182: (0Day) Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2768.

Read More