CVE-2019-6567 (scalance_x-200_firmware, scalance_x-200irt_firmware, scalance_x-300_firmware, scalance_x-414-3e_firmware)

A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT (All versions), SCALANCE X-300 (All versions), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

View Full Alert

CVE-2017-8252 (ipq4019_firmware, ipq8074_firmware, mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, mdm9655_firmware, msm8909w_firmware, msm8996au_firmware, qc_215_firmware, qca8081_firmware, qcs605_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_410_firmware, sd_412_firmware, sd_415_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_430_firmware, sd_435_firmware, sd_439_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_625_firmware, sd_632_firmware, sd_636_firmware, sd_650_firmware, sd_652_firmware, sd_670_firmware, sd_675_firmware, sd_710_firmware, sd_712_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sd_855_firmware, sd_8cx_firmware, sda660_firmware, sdm439_firmware, sdm630_firmware, sdm660_firmware, sdx20_firmware, sdx24_firmware, sm7150_firmware, snapdragon_high_med_2016_firmware, sxr1130_firmware)
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…
CVE-2013-7471 (dir-300_firmware, dir-600_firmware, dir-645_firmware, dir-845_firmware, dir-865_firmware)
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters…
CVE-2016-10760 (swr-300a_firmware, swr-300b_firmware, swr-300bg_firmware, swr-300c_firmware)
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. View Full Alert

Related Posts