Security News

Trojan.Win32.Siscos.bqe / Insecure Permissions

Full Disclosure - 7 May, 2021 - 10:51

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b4a35ae6dcceea6390769829b4e1506f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Siscos.bqe
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "Windupdt" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename the...

Trojan.Win32.Agent.xdtv / Insecure Permissions

Full Disclosure - 7 May, 2021 - 10:51

Posted by malvuln on May 07

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ffa9b76f9549a2c46415c855a0911e8a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.xdtv
Vulnerability: Insecure Permissions
Description: The malware creates an insecure installation dir under
"C:\Program Files (x86)" and grants full (F) permissions to the Everyone
user group. Standard users can...

Four vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:50

Posted by Q C on May 07

Advisory: four vulnerabilities found in MikroTik's RouterOS

Details
=======

Product: MikroTik's RouterOS
Vendor URL: https://mikrotik.com/
Vendor Status: no fix yet
CVE: CVE-2020-20214, CVE-2020-20222, CVE-2020-20236, CVE-2020-20237
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team

Product Description
==================

RouterOS is the operating system used on MikroTik's devices, such as
switches, routers and access...

Re: Four vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to two of these
vulnerabilities.

CVE-2020-20254: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/lcdstat process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20253: Mikrotik RouterOs before 6.47 (stable tree) in the
/nova/bin/lcdstat process. An authenticated remote attacker can...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/05] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20267: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/resolver process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20225: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the /nova/bin/user process....

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[Update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20266: Mikrotik RouterOs before 6.47 (stable tree) suffers from a
memory corruption vulnerability in the /nova/bin/dot1x process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20264: Mikrotik RouterOs before 6.47 (stable tree) in the
/ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote...

Re: Three vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 7 May, 2021 - 10:49

Posted by Q C on May 07

[update 2021/05/04] Three CVEs have been assigned to these vulnerabilities.

CVE-2020-20215: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/diskd process. An
authenticated remote attacker can cause a Denial of Service due to invalid
memory access.

CVE-2020-20216: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/graphing process. An...

APPLE-SA-2021-05-03-3 watchOS 7.4.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-3 watchOS 7.4.1

watchOS 7.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212339.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A memory corruption issue was...

APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1

macOS Big Sur 11.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212335.

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A memory corruption issue was addressed...

APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1

iOS 14.5.1 and iPadOS 14.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212336.

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to...

APPLE-SA-2021-05-03-2 iOS 12.5.3

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-2 iOS 12.5.3

iOS 12.5.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212341.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...

KSA-Dev-0012: CVE-2021-25326: Unauthenticated Sensitive Information Disclosure in Skyworth RN510 Mesh Extender

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Overview
========

Title:- Unauthenticated Sensitive Information Disclosure in RN510 Mesh
Extender.
CVE-ID :- CVE-2021-25326
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company
Ltd. (http://www.skyworthdigital.com/products)
Products:
    1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential:
    2. RN620 with respective firmware or below
    3. RN410 with respective firmware or below.

Severity:...

KSA-Dev-0011: CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Overview
========

Title:- Authenticated XSRF in RN510 Mesh Extender.
CVE-ID :- CVE-2021-25327
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company
Ltd. (http://www.skyworthdigital.com/products)
Products:
    1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential:
    2. RN620 with respective firmware or below
    3. RN410 with respective firmware or below.

Severity: High--Critical

Advisory ID...

KSA-Dev-0010: CVE-2021-25328: Authenticated Stack Overflow in Skyworth RN510 Mesh Device

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Title :- Authenticated Stack Overflow in RN510 Mesh Device
CVE-ID:- CVE-2021-25328
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company
Ltd. (http://www.skyworthdigital.com/products)
Products:
    1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential:
    2. RN620 with respective firmware or below
    3. RN410 with respective firmware or below.

Severity: High--Critical

Advisory ID
============...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20219: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/igmp-proxy process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20221: Mikrotik RouterOs before 6.44.6 (long-term tree) suffers
from an uncontrolled resource consumption vulnerability in the
/nova/bin/cerm process. An authenticated remote attacker can cause a Denial
of Service due to overloading the system's CPU.

CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] CVE-2020-20212 and CVE-2020-20211 have been
assigned to these two vulnerabilities.

CVE-2020-20212: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from
a memory corruption vulnerability in the /nova/bin/console process. An
authenticated remote attacker can cause a Denial of Service (NULL
pointer dereference)

CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from
an assertion failure vulnerability in the...

Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.oj
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 23; upon connection to an
infected host, third-party attackers get handed a remote shell.
Type: PE32
MD5:...

Backdoor.Win32.Agent.oj / Remote Stack Buffer Overflow

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.oj
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 23. Third-party attackers can
send a specially crafted payload, triggering a classic stack buffer
overflow overwriting ECX, EIP...

Backdoor.Win32.Agent.kte / Remote Stack Buffer Overflow (UDP Datagram)

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7c92e59e776355734781bbf05571d0f0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.kte
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: The malware drops an executable named "aspimgr.exe" under
SysWOW64 dir, which listens on TCP port 80 and UDP port 53. Third-party
attackers...