CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.

Robustel R1510 3.1.16 and 3.3.0 firmware update vulnerability was reported by Yang Wen of Baidu. Vendor acknowledged the issue and released update to fix it. This Robustel R1510 3.1.16 and 3.3.0 firmware update vulnerability has been assigned CVSSv3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Meltdown is a type of side channel attack in which information is revealed by the microarchitecture of a CPU. Attackers can access data via cache-based side channels, such as leaking information about the last few instructions retired on a CPU. An attacker can exploit this by running code that relies on information from the last few instructions and by running code that can leak information about the physical layout of memory. This information can be used to extract information about the operating system or other software running on the system. For example, an attacker could run code that extracts passwords from memory, bypassing normal authentication mechanisms. Another example of this kind of attack would be an attacker who extracts sensitive information such as credit card data or encryption keys, and then uses that information to make purchases or decrypt communications.

Vulnerability Overview: Meltdown

Meltdown is a type of side channel attack in which information is revealed by the microarchitecture of a CPU. Meltdown targets speculative execution and is similar to Spectre, but there are differences in how it affects different operating systems and CPUs. Meltdown can be used to extract information about the operating system or other software running on the system. This data can be used to extract passwords from memory, bypassing normal authentication mechanisms. An attacker could also run code that extracts sensitive information such as credit card data or encryption keys, and then use that information to make purchases or decrypt communications.

Meltdown (CVE-2018-3639)

In January, 2018 the Meltdown vulnerabilities were announced. These vulnerabilities potentially affected a wide range of x86-64 microprocessors and chipsets, including: Intel (including versions of their chipsets for mobile devices), AMD, ARM, and Xenon.
Meltdown is one of three exploits that have been found in modern processors. The other two are Spectre, which was found in early 2017, and Foreshadow. Meltdown can allow an attacker to access data with high privileges.

Meltdown - CVE-2018-3646

Meltdown is a type of side-channel attack in which software can extract information from locked memory. This typically occurs because the attacker is running code that relies on information about the last few instructions retired on a CPU.
Vendor Response:
Robustel R1510 3.1.16 and 3.3.0 firmware update released to address Meltdown vulnerability

Timeline

Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/26/2022 03:24:00 UTC

References

• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1580
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34845