Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)

Current Vendor: SerComm Vendor URL: https://www.sercomm.com Systems Affected: SerComm h500s Versions affected: lowi-h500s-v3.4.22 Authors: Diego Gómez Marañón & @rsrdesarrollo CVE Identifier: CVE-2021-44080 Risk: 6.6(Medium)- AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Summary The h500s is a router device manufactured by SerComm and packaged by a few telecoms providers in Spain (and possibly other regions) to provide CPE DSL network connectivity and … Continue reading Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)

Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)

Current Vendor: Belkin Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/ Versions affected: Latest FW version - 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin) Systems Affected: Linksys WRT160NL (maybe others) Authors: Diego Gómez Marañón – Diego.GomezMaranon[at]nccgroup[dot]com CVE Identifier: CVE-2020-26561 Risk: 8.8 (High) – AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Summary The Linksys WRT160NL is a switch device initially owned by Cisco and, after the sale of its respective … Continue reading Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)