‼ CVE-2023-4420 ‼
via "National Vulnerability Database".
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
‼ CVE-2023-40899 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
‼ CVE-2023-40893 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
‼ CVE-2023-40900 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
‼ CVE-2023-4419 ‼
via "National Vulnerability Database".
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device.
‼ CVE-2023-40896 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.
‼ CVE-2023-40902 ‼
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.
‼ CVE-2023-40897 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.
‼ CVE-2023-40894 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.
‼ CVE-2023-40892 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.
‼ CVE-2023-40904 ‼
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
‼ CVE-2023-31412 ‼
via "National Vulnerability Database".
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
‼ CVE-2023-40891 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.
‼ CVE-2023-40901 ‼
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.
‼ CVE-2023-39834 ‼
via "National Vulnerability Database".
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
‼ CVE-2023-4418 ‼
via "National Vulnerability Database".
A remote unprivileged attacker can send multiple packets to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.
‼ CVE-2023-40898 ‼
via "National Vulnerability Database".
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.
🔴 US Space Industry More Prone to Foreign Espionage, US Agencies Warn 🔴
via "Dark Reading".
Foreign intelligence entities have the US space industry in their sights, posing serious threats to US national security, multiple federal agencies say.
🔴 Kyndryl and Cisco Expand Partnership Focusing on Cyber Resilience 🔴
via "Dark Reading".
NEW YORK, August 24, 2023 - Kyndryl (NYSE: KD), the world's largest IT infrastructure services provider, today announced an expanded technology partnership with Cisco to deliver services focused on cyber resilience. Through this partnership, Kyndryl will…
🔴 Cypago Raises $13M and Unveils its Cyber GRC Automation (CGA) Platform to Simplify GRC Processes 🔴
via "Dark Reading".
[Tel Aviv, 24th August, 2023] - Cypago announced the release of its Cyber GRC Automation (CGA) platform today, revolutionizing the GRC space by bridging the gap between management, security, and operations teams. This announcement follows the company's $13M…
🦿 Major US Energy Company Hit by QR Code Phishing Campaign 🦿
via "Tech Republic".
This QR code phishing campaign is targeting multiple industries and using legitimate services such as Microsoft Bing to increase its efficiency and bypass security.
Learn more about the QR code phishing campaign targeting several industries, and how to stay safe from these types of threats.