-
D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability
EIP-13d90c2b
The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
Vulnerability Identifier
Exodus Intelligence: EIP-13d90c2b
MITRE: CVE-2024-23624
Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3
Vendor References
The affected product is end-of-life…
-
D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability
EIP-5a0f4b12
The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.
Vulnerability Identifier
Exodus Intelligence: EIP-5a0f4b12
MITRE: CVE-2024-23625
Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3
Vendor References
The affected product is end-of-life…
-
Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability
EIP-552c9116
A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.
Vulnerability Identifier
Exodus Intelligence: EIP-552c9116
MITRE: CVE-2024-23626
Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7
Vendor References
The affected product is end-of-life and…
-
Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability
EIP-ea3ab824
A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.
Vulnerability Identifier
Exodus Intelligence: EIP-ea3ab824
MITRE: CVE-2024-23628
Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7
Vendor References
The affected product is end-of-life and…
-
Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability
EIP-f4472693
A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.
Vulnerability Identifier
Exodus Intelligence: EIP-f4472693
MITRE: CVE-2024-23627
Vulnerability Metrics
CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7
Vendor References
The affected product is end-of-life and…
-
OpenCTF : mbrtetris
Category: Forensics
Points: 25
Description: boot this on baremetal. – https://kajer.openctf.com/tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6
File Download: tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6
I start by running the file command:
$ file tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6
tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6: DOS/MBR boot sector; partition 1 : ID=0x7, start-CHS (0x0,33,3), end-CHS (0x1,124,22), startsector 2048, 20480 sectors
Ok, let’s try mounting this:
$ sudo mount tinytetris-2c5414f1f85397e1787ec31cca3f252ac5fb78a6 /mnt
mount: /mnt: wrong fs type,…
-
DeepSec 2024 Keynote – The Mind Bomb
DeepSec 2024 ended on 22 November 2024. We took a week off to post-process the event in terms of video material and dialogues. Usually only participants get first access to the video recordings, but because of the threat of disinformation from nation states, we published the keynote early and freely. Randahl Fink explained his take…
-
DeepINTEL 2024 – a full Day all about Security Intelligence
The DeepINTEL 2024 security intelligence event has begun. The day holds a full day of presentations about current and future threats. It is difficult to describe a TLP:AMBER event, because we do not publish the schedule for DeepINTEL. The term security intelligence has a wide spectrum. Basically, it includes all information that will help you improve…
-
How AI can assess a study’s novelty and impact various industries
Innovative AI tools in scientific research
In today’s rapidly evolving world, AI is not just transforming industries but also unlocking new opportunities for innovation across almost all sectors, including research. One such opportunity in scientific research is to create an objective method for evaluating the originality of research: an AI-powered tool for novelty scores. By assessing the…
-
CES 2025: NVIDIA Unveils GeForce RTX 50-Series Chips, AI Research Supercomputers, and More
Jensen Huang, NVIDIA’s CEO, unveiled the company’s first flagship desktop GPU series in over two years during his keynote speech.