all InfoSec news
Netgear RAX30 Multiple Vulnerabilities
March 14, 2023, 6:09 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
Bypass Firmware Upgrade Signature Checks (Post-Auth) - CVE-2023-28337
When uploading a firmware image to the device for updates, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.
As a proof of concept, we downloaded firmware V1.0.9.92_1, and modified it to read as V9.9.9.99_9 by running the following command:
sed -i -e …
auth bypass cve device end firmware hidden malicious may netgear parameter signature updates upgrade validation vulnerabilities
More from www.tenable.com / Tenable Research Advisories
Approach.App Multiple Vulnerabilities
1 week, 6 days ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
3 weeks, 6 days ago |
www.tenable.com
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities
1 month, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Data Privacy Manager m/f/d)
@ Coloplast | Hamburg, HH, DE
Cybersecurity Sr. Manager
@ Eastman | Kingsport, TN, US, 37660
KDN IAM Associate Consultant
@ KPMG India | Hyderabad, Telangana, India
Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)
@ Bosch Group | Stuttgart, Germany
Senior Security Engineer - SIEM
@ Samsara | Remote - US