Topic

WiFi

A collection of 7 issues

CVE-2022-37234 The Netgear Nighthawk R7000-V1.0.11.134_10.2.119 is vulnerable to a buffer overflow via the wl binary.

A remote user or attacker can send a specially crafted HTTP request to the wl binary, causing the wl binary to crash and resulting in a Denial of Service condition. A remote user or attacker can send a specially crafted HTTP request to the wl binary, causing the wl binary

CVE-2022-3218 The WiFi Mouse authentication mechanism is trivially bypassed, which can result in remote code execution.

This is made possible by the fact that the WiFi Mouse (Mouse Server) provides no authentication mechanism to prevent attackers from simply modifying the HTTP requests sent to the server and causing it to execute malicious code. When using this authentication mechanism, make sure to limit the permissions of any

CVE-2022-35572 The /SysInfo.htm URI does not require a session ID on routers with firmware 1.0.00.037 and lower.

However, if the device is connected to a network not accessible from the internet, an attacker would have to have access to the device to exploit this vulnerability. To exploit this vulnerability, an attacker would have to be on the same network as the Linksys E5350 WiFi Router. An attacker

CVE-2022-36552 Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below has a vulnerability in the component /cgi-bin/DownloadFlash which allows attackers to steal data such as source code and system files.

The affected component is present in the below firmware version of the Tenda AC6(AC1200) Router. Firmware v02.03.01.114 and below If you have upgraded your Router to v02.03.01.114 and if you haven’t, please be sure to upgrade as soon as possible to avoid

CVE-2022-1025 Argo CD v1.0.0 is vulnerable to an improper access control bug. It allows a malicious user to potentially escalate their privileges to admin-level.

At the time of writing, the bug has been fixed in the latest version 1.3.9 and later. If you are using an earlier version of Argo CD, you should upgrade as soon as possible. To update your copy of Argo CD, follow the instructions for the operating system

CVE-2022-20210 UE and EMM use NAS messages to communicate. When a new message arrives, the modem parses it and fills in internal objects.

If a modem receives a malicious message, it can crash with a segmentation fault. This is a crash with the same code as a false positive in a cryptographically signed software update, which makes it look like a real Windows update. The attacker can then send another malicious message that

CVE-2022-0435 A stack overflow was found in the Linux kernel's TIPC protocol functionality where a user sends a packet with malicious content with more domain member nodes than allowed.

A race condition flaw was found in the way core networking components were handling TCP packets with Malformed ICMP Redirect messages. This flaw could be exploited to crash or inappropriately disconnect a client or server. An information disclosure flaw was found in the Linux kernel's implementation of basic device control