B426 Firmware Security Vulnerabilities

CVE-2024-32281

Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput...

CVE-2023-43491

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...

CVE-2023-45744

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this...

CVE-2023-40146

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute...

CVE-2023-45209

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to...

CVE-2023-39367

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

CVE-2024-26893

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the...

CVE-2024-26893

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same.....

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree....

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the...

CVE-2024-26893 firmware: arm_scmi: Fix double free in SMC transport cleanup path

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same.....

CVE-2024-26823

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their...

CVE-2024-26823

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their...

CVE-2024-26847 powerpc/rtas: use correct function name for resetting TCE tables

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree....

CVE-2024-26823 irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their...

CVE-2024-32293

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient...

CVE-2024-32306

Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle...

CVE-2024-32291

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit...

CVE-2024-32288

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter...

CVE-2024-32285

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName...

CVE-2024-32282

Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput...

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

Title: Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Advisory ID: ZSL-2024-5822 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary Wayber II is the name of an analogue/digital microwave link able to...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

CVE-2024-32301

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle...

CVE-2024-32281

Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput...

CVE-2024-32314

Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput...

CVE-2024-32316

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient...

CVE-2024-32307

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle...

Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree....

CVE-2024-32317

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting...

CVE-2024-32311

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting...

CVE-2024-32303

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle...

CVE-2024-32305

Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle...

CVE-2024-32283

Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput...

Peplink Smart Reader web interface mac2name OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1867 Peplink Smart Reader web interface mac2name OS command injection vulnerability April 17, 2024 CVE Number CVE-2023-39367 SUMMARY An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in...

Peplink Smart Reader /bin/login privilege escalation vulnerability

Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted...

CVE-2024-26823

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their...

CVE-2024-32310

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle...

CVE-2024-32292

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput...

CVE-2024-32290

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat...

CVE-2024-32318

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo...

CVE-2024-32315

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting...

CVE-2024-32286

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer...

Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1863 Peplink Smart Reader web interface /cgi-bin/debug_dump.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-43491 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of...

Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability

Talos Vulnerability Report TALOS-2023-1865 Peplink Smart Reader web interface /cgi-bin/download_config.cgi information disclosure vulnerability April 17, 2024 CVE Number CVE-2023-45209 SUMMARY An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi...

CVE-2024-26893

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same.....

CVE-2024-32287

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting...

CVE-2024-32320

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone...

CVE-2024-32313

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting...