Multiple DVR Products Authentication Bypass Vulnerability

Last month, a security researcher published a critical vulnerability (CVE-2018-9995) in several Digital Video Recorders (DVRs). As a DVR is typically connected to home or business security cameras, compromising it can give attackers access to live feeds from all the cameras it is connected to. The researcher also released proof-of-concept code for the vulnerability, getDVR_Credentials. …

GPON Home Routers Multiple Security Vulnerabilities

A couple of vulnerabilities affecting over one million GPON routers were disclosed recently. One of them was an Authentication Bypass vulnerability (CVE-2018-10561) and the other was a Command Injection vulnerability (CVE-2018-10562). An attacker can chain these vulnerabilities to execute arbitrary code on the targeted devices. A security researcher published his findings along with POC on …

HP Intelligent Management Center (iMC) RMI Registry Java Deserialization Remote Code Execution Vulnerability

HPE Intelligent Management Center Enterprise Software Platform is a comprehensive wired and wireless network management tool that supports the FCAPS model and provides for end-to-end business management of IT, scalability of system architecture, and accommodation of new technology and infrastructure. Vulnerability: A deserialization vulnerability has been reported in the HPE Intelligent Management Center (iMC). The vulnerability is …

LibreOffice Remote Arbitrary File Disclosure Vulnerability via WEBSERVICE Function

LibreOffice Calc is the spreadsheet component of the LibreOffice software package. LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Details: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via WEBSERVICE calls in a document (CVE-2018-6871), which uses the COM.MICROSOFT.WEBSERVICE function. This feature is available in Microsoft …

Apple MacOS High Sierra ‘root’ Access With No Password

A critical security flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The consequences could be serious. Anyone having physical access to the system can log in to your user account, unlock your keychain and reveal your passwords, turn off FileVault, OS …

Oracle Releases Patches for JOLTANDBLEED Vulnerabilities

Introduction: Oracle pushed out an emergency update for vulnerabilities dubbed ‘JoltandBleed’ affecting five of its products that rely on its proprietary Jolt protocol. Two of the vulnerabilities discovered (CVE-2017-10272 and CVE-2017-10269) were severe, and attackers can exploit them without valid credentials. This will allow an attacker to gain full access to all data …

Westermo MRD-305-DIN, MRD-315, MRD-355 and MRD-455 Multiple Security Vulnerabilities

Westermo provides a full range of industrial data communications (SCADA) solutions for demanding applications in the transport, water and energy markets among others. MRD devices provide resilient remote access and eliminate the need for costly site visits. With support for secure VPN communications, static and dynamic IP routing, NAT, port forwarding, OpenVPN (SSL VPN), and …

Foxit Reader and PhantomPDF Multiple Code Execution Vulnerabilities

Recently, ZDI published two 0day advisories ZDI-17-691 and ZDI-17-692 for vulnerabilities in Foxit Reader & PhantomPDF. These are Command Injection and File Write vulnerabilities that can be triggered through the JavaScript API in Foxit Reader. These vulnerabilities are not memory corruption vulnerabilities. Details: CVE-2017-10951 (ZDI-CAN-4724): This allows the “app.launchURL” method to execute a system call …

Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability

Recently, a remote code execution vulnerability was discovered in the Citrix NetScaler SD-WAN and Citrix CloudBridge, tracked as CVE-2017-6316. The vulnerability exists in the session management functionality. If the cookie holds shell-command data, it is used in a call to system, where the input is processed unsanitized. This allows an attacker to execute arbitrary commands …

Brickcom Devices Multiple Security Vulnerabilities

While doing research on IP surveillance solutions, we came across a company called Brickcom Corporation. Brickcom is a network video manufacturer in the IP surveillance industry. We started testing the latest firmware, 3.7.0.2aR. It’s based on Linux and the file system is ‘Squashfs’ compressed with LZMA. We extracted the ‘Squashfs’ file system using open …