Category Archives: Advisories

ZDI-25-220: (Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability

April 9, 2025

Read Time:11 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3.

Advisories

ZDI-25-219: (Pwn2Own) Lexmark CX331adwe JBIG2 File Parsing new_image Integer Overflow Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

Advisories

ZDI-25-218: (Pwn2Own) Lexmark CX331adwe JPEG2000 Memory Corruption Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

Advisories

ZDI-25-217: (Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

Advisories

ZDI-25-216: (Pwn2Own) Synology TC500 ONVIF Heap-based Buffer Overflow Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology TC500 cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11131.

Advisories

ZDI-25-215: (Pwn2Own) Synology DiskStation DS1823xs+ LDAP Client Improper Certificate Validation Authentication Bypass Vulnerability

April 9, 2025

Read Time:13 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-10444.

Advisories

ZDI-25-214: (Pwn2Own) Synology DiskStation DS1823xs+ Vue.JS Improper Neutralization of Argument Delimiters Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS1823xs+ devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-10441.

Advisories

ZDI-25-213: (Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability

April 9, 2025

Read Time:13 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.4. The following CVEs are assigned: CVE-2024-50631.

Advisories

ZDI-25-212: (Pwn2Own) Synology BeeStation BST150-4T Improper Authentication Vulnerability

April 9, 2025

Read Time:13 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-50630.

Advisories

ZDI-25-211: (Pwn2Own) Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability

April 9, 2025

Read Time:14 Second

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology BeeStation BST150-4T devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-50629.

News, Advisories and much more

Exit mobile version