PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

“The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models. These vulnerabilities range in severity, with potential impacts including remote code execution, unauthorized access, and denial of service.”
Binaré’s platform checks your IoT device (for example, a switch) for a wide range of vulnerabilities and security issues and gives you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://securityonline.info/planet-technology-switches-face-cve-2024-8456-cvss-9-8-urgent-firmware-updates-advised/?&web_view=true
Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

“A newly discovered critical vulnerability, CVE-2024-36435, has been uncovered in several Supermicro enterprise products, potentially exposing organizations to significant security risks. Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research Team and thoroughly analyzed by the Binarly Research Team, this flaw allows unauthenticated attackers to exploit a buffer overflow in the Baseboard Management Controller (BMC), leading to Remote Code Execution (RCE).”
More information about the incident:
https://securityonline.info/researcher-details-rce-flaw-cve-2024-36435-in-supermicro-bmc-ipmi-firmware/?&web_view=true
Critical Flaw in RAISECOM Gateways Actively Exploited, Exposing Thousands to Remote Attacks

“A newly discovered and actively exploited vulnerability in RAISECOM Gateway devices poses a significant threat to enterprise security. The flaw, tracked as CVE-2024-7120 with a critical CVSS score of 9.8, allows remote attackers to execute arbitrary commands on affected devices, potentially leading to unauthorized access, data breaches, and system compromise.”
More information about the incident:
https://securityonline.info/critical-flaw-in-raisecom-gateways-actively-exploited-exposing-thousands-to-remote-attacks/?&web_view=true
Vulnerabilities Found in Proroute H685t-w 4G Router: Command Injection and XSS Exposed

“Security researchers have disclosed two critical vulnerabilities in Proroute H685t-w 4G routers that could allow remote attackers to compromise affected devices, potentially leading to unauthorized access, data breaches, and disruption of network services.”
More information about the incident:
https://securityonline.info/vulnerabilities-found-in-proroute-h685t-w-4g-router-command-injection-and-xss-exposed/?&web_view=true
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

“A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF’s implementation of the tinydhcp server stemming from a lack of adequate input validation.”
More information about the incident:
https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html?&web_view=true
Quad7 botnet targets more SOHO and VPN routers, media servers

“The Quad7 botnet is evolving its operation by targeting additional SOHO devices with new custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers. This comes in addition to the TP-Link routers reported previously by Sekoia, and first reported by researcher Gi7w0rm, who gave the botnet its name due to targeting port 7777. Also, the ASUS routers targeted by a separate cluster discovered by Team Cymru two weeks later.”
More information about the incident:
https://www.bleepingcomputer.com/news/security/quad7-botnet-targets-more-soho-and-vpn-routers-media-servers/?&web_view=true
Free icons courtesy of flaticon.com by authors: zafdesign, AB design, Flat Icons, HAJICON, Freepik, IconBaandar.