Exodus Intelligence
Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code ExecutionExodus Advisories
18 January 2024 at 21:08

Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution

18 January 2024 at 21:08

EIP-32a68e8b

A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-32a68e8b
MITRE: CVE-2023-43822

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv2 Score: 6.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: March 8, 2023
Vendor response to disclosure: March 22, 2023
Disclosed to public: January 18, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
Symantec Messaging Gateway wp6sr.so Stack Buffer Overflow Remote Code ExecutionExodus Advisories
25 January 2024 at 23:26

Symantec Messaging Gateway wp6sr.so Stack Buffer Overflow Remote Code Execution

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:26

EIP-1e5e28b3

A stack buffer overflow exists in Symantec Messaging Gateway in versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-1e5e28b3
MITRE: CVE-2024-23614

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
CVSSv2 Score: 9.4

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: August 11, 2021
Vendor response to disclosure: September 27, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Symantec Messaging Gateway wp6sr.so Stack Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
Symantec Server Management Suite axengine.exe Buffer Overflow Remote Code ExecutionExodus Advisories
25 January 2024 at 23:26

Symantec Server Management Suite axengine.exe Buffer Overflow Remote Code Execution

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:26

EIP-91da78e7

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Vulnerability Identifier

Exodus Intelligence: EIP-91da78e7
MITRE: CVE-2024-23616

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: August 11, 2021
Vendor response to disclosure: June 17, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Symantec Server Management Suite axengine.exe Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
Symantec Data Loss Prevention wp6sr.dll Stack Buffer Overflow Remote Code ExecutionExodus Advisories
25 January 2024 at 23:26

Symantec Data Loss Prevention wp6sr.dll Stack Buffer Overflow Remote Code Execution

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:26

EIP-17a47dc2

A stack buffer overflow exists in Symantec Data Loss Prevention versions 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specifically crafted document to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-17a47dc2
MITRE: CVE-2024-23617

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv2 Score: 9.3

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: August 11, 2021
Vendor response to disclosure: June 17, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Symantec Data Loss Prevention wp6sr.dll Stack Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
Symantec Messaging Gateway libdec2lha.so Stack Buffer Overflow Remote Code ExecutionExodus Advisories
25 January 2024 at 23:26

Symantec Messaging Gateway libdec2lha.so Stack Buffer Overflow Remote Code Execution

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:26

EIP-a9e61262

A stack buffer overflow exists in Symantec Messaging Gateway in versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-a9e61262
MITRE: CVE-2024-23615

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: August 11, 2021
Vendor response to disclosure: June 17, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Symantec Messaging Gateway libdec2lha.so Stack Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
Symantec Deployment Solution axengine.exe Buffer Overflow Remote Code ExecutionExodus Advisories
25 January 2024 at 23:26

Symantec Deployment Solution axengine.exe Buffer Overflow Remote Code Execution

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:26

EIP-6cce200a

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Vulnerability Identifier

Exodus Intelligence: EIP-6cce200a
MITRE: CVE-2024-23613

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv2 Score: 9.3

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: August 11, 2021
Vendor response to disclosure: July 17, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Symantec Deployment Solution axengine.exe Buffer Overflow Remote Code Execution appeared first on Exodus Intelligence.

Exodus Intelligence
IBM Merge Healthcare eFilm Workstation License Server Buffer OverflowExodus Advisories
25 January 2024 at 23:34

IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:34

EIP-96bd11d3

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-96bd11d3
MITRE: CVE-2024-23621

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: July 30, 2021
Vendor response to disclosure: August 23, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow appeared first on Exodus Intelligence.

Exodus Intelligence
IBM Merge Healthcare eFilm Workstation Hardcoded CredentialsExodus Advisories
25 January 2024 at 23:34

IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:34

EIP-ec3c5a9d

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-ec3c5a9d
MITRE: CVE-2024-23619

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: July 30, 2021
Vendor response to disclosure: August 23, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post IBM Merge Healthcare eFilm Workstation Hardcoded Credentials appeared first on Exodus Intelligence.

Exodus Intelligence
Arris SURFboard SBG6950AC2 Arbitrary Command Execution VulnerabilityExodus Advisories
25 January 2024 at 23:34

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:34

EIP-7777417a

An arbitrary command execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.

Vulnerability Identifier

Exodus Intelligence: EIP-7777417a
MITRE: CVE-2024-23618

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The vendor has applied fixes in newer revisions of the firmware.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: June 17, 2021
Vendor response to disclosure: June 21, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
Motorola MR2600 Arbitrary Firmware Upload VulnerabilityExodus Advisories
25 January 2024 at 23:39

Motorola MR2600 Arbitrary Firmware Upload Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:39

EIP-d52674b0

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-d52674b0
MITRE: CVE-2024-23630

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Motorola MR2600 Arbitrary Firmware Upload Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
Motorola MR2600 Authentication Bypass VulnerabilityExodus Advisories
25 January 2024 at 23:40

Motorola MR2600 Authentication Bypass Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-73ad9c0b

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.

Vulnerability Identifier

Exodus Intelligence: EIP-73ad9c0b
MITRE: CVE-2024-23629

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N
CVSSv2 Score: 7.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Motorola MR2600 Authentication Bypass Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection VulnerabilityExodus Advisories
25 January 2024 at 23:40

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-f4472693

A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-f4472693
MITRE: CVE-2024-23627

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection VulnerabilityExodus Advisories
25 January 2024 at 23:40

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-ea3ab824

A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-ea3ab824
MITRE: CVE-2024-23628

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
Motorola MR2600 ‘SaveSysLogParams’ Command Injection VulnerabilityExodus Advisories
25 January 2024 at 23:40

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-552c9116

A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-552c9116
MITRE: CVE-2024-23626

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection VulnerabilityExodus Advisories
25 January 2024 at 23:40

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-5a0f4b12

The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

Exodus Intelligence: EIP-5a0f4b12
MITRE: CVE-2024-23625

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The affected product is end-of-life and no patches are available.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: December 14, 2021
Vendor response to disclosure: January 27, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability appeared first on Exodus Intelligence.

Exodus Intelligence
D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection VulnerabilityExodus Advisories
25 January 2024 at 23:40

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

Exodus Intelligence

By: Exodus Advisories

25 January 2024 at 23:40

EIP-13d90c2b

The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

Exodus Intelligence: EIP-13d90c2b
MITRE: CVE-2024-23624

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The affected product is end-of-life and no patches are available.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: December 14, 2021
Vendor response to disclosure: January 27, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

The post D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability appeared first on Exodus Intelligence.

Normal view

EIP-32a68e8b

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-1e5e28b3

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-91da78e7

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-17a47dc2

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-a9e61262

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-6cce200a

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-96bd11d3

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-ec3c5a9d

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-7777417a

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-d52674b0

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-73ad9c0b

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-f4472693

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-ea3ab824

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-552c9116