all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-881: (Pwn2Own) Ubiquiti Networks EV Station setDebugPortEnabled Exposed Dangerous Method Remote Code Execution Vulnerability

Add to bookmarks
June 21, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2024-29206.

arbitrary code attackers authentication authentication mechanism can code code execution cves cvss exploit exposed mechanism network networks pwn2own rating remote code remote code execution station ubiquiti vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability 3 days, 4 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication code +14
ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 4 days, 4 hours ago | www.zerodayinitiative.com
attackers authentication cve cve-2024 +16
ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +25
ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +21
ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +23
ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +24
ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
arbitrary code attackers authentication cameras +16
ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
attackers authentication cameras cvss +11
ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com
attacker attackers cameras code +18

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Ingénieur Développement Logiciel IoT H/F

@ Socomec Group | Benfeld, Grand Est, France
View on infosec-jobs.com

Architecte Cloud – Lyon

@ Sopra Steria | Limonest, France
View on infosec-jobs.com

Senior Risk Operations Analyst

@ Visa | Austin, TX, United States
View on infosec-jobs.com

Military Orders Writer

@ Advanced Technology Leaders, Inc. | Ft Eisenhower, GA, US
View on infosec-jobs.com

Senior Golang Software Developer (f/m/d)

@ E.ON | Essen, DE
View on infosec-jobs.com

Senior Revenue Operations Analyst (Redwood City)

@ Anomali | Redwood City, CA
View on infosec-jobs.com