Sunday, October 22, 2017

VU#630872: Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF).

VU#867968: Microsoft Windows SMB Tree Connect Response denial of service vulnerability

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system.

VU#646748: Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow

Embarcadero Delphi and C++Builder Visual Component Library (VCL) bitmap (BMP) file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code.

VU#507216: Hirschmann “Classic Platform” switches reveal administrator password in SNMP community...

Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016

Overview

Hirschmann "Classic Platform" switches contain a password sync feature th...

VU#505560: Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities

Original Release date: 29 Apr 2016 | Last revised: 29 Apr 2016

Overview

The Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Accellion File Transfer appliance contains multiple vulnerabilities in versions below FTA_9_12_40.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-2350

The Accellion File Transfer Appliance versions below contains three cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary HTML content (including script) within the following: move_partition_frame.html, getimageajax.php, wmInfo.html

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-2351

The Accellion File Transfer Appliance contains a SQL injection vulnerability due to improper escaping of the parameter 'client_id' in /home/seos/courier/security_key2.api, allowing an attacker to inject arbitrary code in 'client_id' and recover private data.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2352

The Accellion File Transfer Appliance is vulnerable to command injection due to unsafe handling of restricted users utilizing the YUM_CLIENT. This allows a restricted user to execute any command with root permission.

CWE-276: Incorrect Default Permissions - CVE-2016-2353

The Accellion File Transfer Appliance is vulnerable to local privilege escalation due to a misconfiguration. By default, the appliance allows a restricted user to add their SSH key to an alternate user group with additional permissions.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system and view sensitive data.

Solution

Apply an update

Affected users should update to version FTA_9_12_40 as soon as possible.

Vendor Information

No information available.

CVSS Metrics

Group          Score  Vector
Base           7.5    AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal       5.9    E:POC/RL:OF/RC:ND
Environmental  4.4    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Orange Tsai for reporting these vulnerabilities.

This document was written by Deana Shick.

Other Information

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

VU#301735: ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

Original Release date: 12 Aug 2016 | Last revised: 25 Aug 2016

Overview

The ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default.

Description

CWE-798: Use of Hard-coded Credentials - CVE-2016-5081

According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for accessing the device via telnet. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user. Additionally, these cameras contain an always-running instance of telnet that allows network access by an attacker. Telnet cannot be disabled.

CWE-636: Not Failing Securely ('Failing Open') - CVE-2016-5650

According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras can be forced to deauthenticate and connect to an unencrypted network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.

The CERT/CC has to date been unable to reach the vendor to confirm these vulnerabilities.

Impact

A remote unauthenticated attacker with knowledge of the credentials may gain root access to the device.

Solution

Apply an update

The CERT/CC has received the following statement from Zmodo:

Zmodo has released firmware Version 40.0.3.0 (for ZP-NE14-S) and firmware Version 7.8.0.36 (for ZP-IBH-13W) to address these issues. Affected users are encouraged to use their mobile phone with Zmodo APP installed to upgrade their Zmodo devices to the latest firmware as soon as possible. Please see their support announcement here.

Vendor Information

Vendor  Status    Date Notified  Date Updated
ZModo   Affected  11 May 2016    25 Aug 2016

CVSS Metrics

Group          Score  Vector
Base           10.0   AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal       8.5    E:POC/RL:U/RC:UR
Environmental  2.1    CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

Credit

Thanks to Garrett Miller and John Kotheimer for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2016-5081 CVE-2016-5650
Date Public: 11 Aug 2016
Date First Published: 12 Aug 2016
Date Last Updated: 25 Aug 2016
Document Revision: 16

VU#793496: Open Shortest Path First (OSPF) protocol implementations may improperly determine...

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber.

Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.

VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session...

The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values.

VU#673313: Google Search Appliance dynamic navigation cross-site scripting vulnerability

Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.

VU#577140: BIOS implementations fail to properly set UEFI write protections after...

Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash.

VU#682704: Misys FusionCapital Opics Plus contains multiple vulnerabilities

Misys FusionCapital Opics Plus contains multiple vulnerabilities

Original Release date: 19 Jul 2016 | Last revised: 19 Jul 2016

Overview

Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries.

FusionC...

VU#276408: Think Mutual Bank Mobile Banking App for iPhone fails to...

Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.