Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

“Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.
Six of the identified 20 vulnerabilities have been deemed critical, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.
Of the six critical flaws, five (from CVE-2024-50370 through CVE-2024-50374, CVSS scores: 9.8) relate to improper neutralization of special elements used in an operating system (OS) command, while CVE-2024-50375 (CVSS score: 9.8) concerns a case of missing authentication for a critical function.”
Binaré’s platform will check your IoT device, e.g. an access point (AP), for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html?&web_view=true

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

“There is evidence to suggest that the operation is the work of a lone wolf actor, a script kiddie of Russian origin. The attacks have primarily targeted IP addresses located in China, Japan, and to a lesser extent Argentina, Australia, Brazil, Egypt, India, and the U.S.”
Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2024/11/matrix-botnet-exploits-iot-devices-in.html?&web_view=true

CVE-2024-48860 (CVSS 9.5): Critical Flaw in QNAP QuRouter, Immediate Update Recommended

“QNAP has issued a security advisory urging users of its QuRouter network appliance to update their devices immediately. The advisory addresses multiple vulnerabilities, including CVE-2024-48860 and CVE-2024-48861, which could allow remote attackers to execute arbitrary commands on vulnerable devices.
CVE-2024-48860 is a critical vulnerability with a CVSS score of 9.5, while CVE-2024-48861 is rated as high severity with a CVSS score of 7.3.”
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://securityonline.info/cve-2024-48860-cvss-9-5-critical-flaw-in-qnap-qurouter-immediate-update-recommended/?&web_view=true

Here’s Yet Another D-Link RCE That Won’t be Fixed

“Stubborn network device maker digs in heels and tells you to buy new gear.
D-Link is once again under fire for not patching critical vulns. As with last week’s D-Link débâcle, the firm’s digging in its heels because the devices are a few months past their arbitrary end-of-life date (EOL).
This week, it’s a buffer overflow in six router products.”
Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://securityboulevard.com/2024/11/d-link-router-critical-rce-sol-richixbw/?web_view=true

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

“A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices.
“Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and more,” Claroty researcher Uri Katz said in a technical report.”
Binaré’s platform will check your IoT device, e.g. a camera, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html?&web_view=true