all InfoSec news
Vulnerability Spotlight: Hard-coded password vulnerability could allow attacker to completely take over Lenovo Smart Clock
Malware Analysis, News and Indicators - Latest topics malware.news
Kelly Leuschner and Thorsten Rosendahl discovered this vulnerability.
Cisco Talos researchers recently discovered a vulnerability in the Lenovo Smart Clock Essential that could allow an attacker to completely take over the device if they have access to the network the clock is connected to.
TALOS-2023-1692 (CVE-2023-0896) exists because the smart clock does not change its hardcoded credentials once it’s set up and connected to the network. Therefore, an attacker could use a specially crafted command line argument to gain full …
access argument change cisco cisco talos command command line control credentials cve device hard hardcoded hardcoded credentials lenovo network password researchers smart spotlight ssh talos vulnerability vulnerability spotlight