SSD provides the knowledge, experience and tools needed to find and disclose vulnerabilities and advanced attack vectors. | SSD Secure Disclosure
Summary: A critical double-free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. The attacker can take advantage of kernel exploitation techniques to achieve local privilege escalation. Credit: …
Summary: WASM isorecursive canonical type id <-> wasm::HeapType / wasm::ValueType confusion in JS-to-WASM conversion functions and their wrappers (FromJS(), (Wasm)JSToWasmObject(), etc.), resulting in type confusion between arbitrary WASM types. This can be considered a variant of CVE-2024-2887, discovered by Manfred Paul and presented in Vancouver in 2024. Credit: An independent security researcher, Seunghyun Lee (@0x10n), …
Summary: A vulnerability in XenForo allows a user to trigger RCE via incorrect parsing and handling of user-provided templates. Combined with a separate CSRF vulnerability, this might allow unauthenticated attackers to execute arbitrary code whenever an admin user with permissions to administer styles / widgets visits a specially crafted page / link. Credit: … SSD Advisory – XenForo RCE via CSRF
Summary: A stack-based overflow exists in UDTMediaServer, one of the binaries running in the background on Foscam devices. This vulnerability could be exploited to execute arbitrary commands. Credit: Yoseop Kim, working with SSD Labs Korea. Vendor Response: The vendor has released an updated version: https://www.foscam.com/downloads/firmware_details.html?id=143 Affected Versions: Foscam R4M running version V-2.x.2.67. Root cause analysis: First, …
Summary: A buffer overflow exists in the onvif_discovery binary, located at /bin/onvif_discovery, which listens on UDP port 5001. This vulnerability can be leveraged by a network-adjacent attacker to execute arbitrary code on the target as root. No authentication is required to exploit this. Credit: An independent security researcher, n4nika, working with SSD Secure Disclosure. Vendor Response: …
Summary: The NVMS9000 product by TVT has a critical security flaw that gives remote unauthenticated attackers access to a wealth of information on the device, including, but not limited to, usernames and passwords, network configuration, etc. This security flaw can be easily exploited; all that is required is access to its open port (depending on configuration the …
Summary: Security vulnerabilities in the DIR-X4860 allow remote unauthenticated attackers that can access the HNAP port to gain elevated privileges and run commands as root. By combining an authentication bypass with command execution, the device can be completely compromised. Credit: A security researcher working with SSD Secure Disclosure. Vendor Response: The vendor has been reached out …