Vulnerability Note VU#899080 Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259 : Use of Hard-coded Password – CVE-2015-8286 According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password
VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability
Vulnerability Note VU#327976 Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability Original Release date: 11 Feb 2016 | Last revised: 11 Feb 2016 Overview Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contains a buffer overflow vulnerability that may be leveraged to gain remote code execution. Description CWE-119 : Improper Restriction of Operations within the Bound of a Memory Buffer – CVE-2016-1287 According to the advisory by Exodus Intelligence : The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer
VU#305096: Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium
Vulnerability Note VU#305096 Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium Original Release date: 04 Feb 2016 | Last revised: 04 Feb 2016 Overview Comodo Chromodo browser, version 184.108.40.2062, 220.127.116.111, and possibly earlier, does not enforce same origin policy, which allows for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities. Description Comodo Chromodo is a web browser that comes packaged with Comodo Internet Security
VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Vulnerability Note VU#777024 Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities Original Release date: 03 Feb 2016 | Last revised: 03 Feb 2016 Overview Netgear Management System NMS300, version 18.104.22.168 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files. Description Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface
Vulnerability Note VU#719736 Fisher-Price Smart Toy platform allows some unauthenticated web API commands Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016 Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy
Vulnerability Note VU#992624 Harman AMX multimedia devices contain hard-coded credentials Original Release date: 21 Jan 2016 | Last revised: 21 Jan 2016 Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798 : Use of Hard-coded Credentials – CVE-2015-8362 According to the researchers’ blog post , several models of Harman AMX multimedia devices contain a hard-coded “backdoor” account with administrative permissions.
Vulnerability Note VU#456088 OpenSSH Client contains a client information leak vulnerability and buffer overflow Original Release date: 14 Jan 2016 | Last revised: 14 Jan 2016 Overview OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations.
VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Vulnerability Note VU#418072 Comcast XFINITY Home Security fails to properly handle wireless communications disruption Original Release date: 05 Jan 2016 | Last revised: 05 Jan 2016 Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636 : Not Failing Securely (‘Failing Open’) Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band to maintain state between sensors and the base station. When component communications are disrupted, the system does not trigger any alerts and additionally may take from minutes to hours to re-establish communications, during which time no alarm escalation occurs
Vulnerability Note VU#640184 Juniper ScreenOS contains multiple vulnerabilities Original Release date: 21 Dec 2015 | Last revised: 21 Dec 2015 Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device.
VU#757840: Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users
Vulnerability Note VU#757840 Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users Original Release date: 18 Dec 2015 | Last revised: 18 Dec 2015 Overview Dovestones Software AD Self Password Reset, version 22.214.171.124 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284 : Improper Access Control – CVE-2015-8267 Dovestones Software AD Self Password Reset contains a vulnerable method PasswordReset.Controllers.ResetController.ChangePasswordIndex() in PasswordReset.dll that fails to validate the requesting user