Attackers could leverage this vulnerability to inject malicious code into Web traffic of affected devices, allowing them to takeover control of devices and inject malicious code into Web traffic of other devices. The update has been released for EyesOfNetwork Web Interface v5.3.1 and v5.3.2. EyesOfNetwork Web Interface v5.3 used a weak password hashing algorithm, which allowed attackers to easily decrypt the hashed password of the Web user via a brute-force attack. This could potentially allow attackers to take over control of the device. EyesOfNetwork Web Interface v5.3 used the wp_remote_post function to share arbitrary data with other devices, which allowed remote attackers to conduct clickjacking attacks and hijack the session of the user of an affected device. The update has been released for EyesOfNetwork Web Interface v5.3.1 and v5.3.2 to address these issues.

EyesOfNetwork Web Interface v5.3.1

Download v5.3.1 of EyesOfNetwork Web Interface to resolve these vulnerabilities.

EyesOfNetwork Web Interface v5.3.1 and v5.3.2 Fixes

The update has been released for EyesOfNetwork Web Interface v5.3.1 and v5.3.2 to address these issues. The update includes a new password hashing algorithm, which prevents attackers from easily decrypting the hashed password of the Web user via brute-force attack, as well as fixes for clickjacking and hijacking attacks against the affected device.

Timeline

Published on: 11/08/2022 01:15:00 UTC
Last modified on: 11/08/2022 15:14:00 UTC

References