Monthly Archive: May 2018

A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions...

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. Date published : 2018-05-30 https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-login-Escalation-of-Privileges

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. Date published : 2018-05-30 https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authenticated-RCE

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be...

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of...

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range...

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/49 https://lists.debian.org/debian-lts-announce/2018/07/msg00022.html

The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48

The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Date published : 2018-05-30 http://seclists.org/fulldisclosure/2018/May/48