Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)

Victure's WR1200 WiFi router, also sometimes referred to as AC1200, was found to have multiple vulnerabilities exposing its owners to potential intrusion into their local WiFi network and complete takeover of the device. Three vulnerabilities were uncovered, with links to the associated technical advisories below: Technical Advisory - Default WiFi Network Password Advertised by Victure …

Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)

Vendor: Stark Bank's open-source ECDSA cryptography libraries
Vendor URL: https://starkbank.com/, https://github.com/starkbank/
Versions affected:
- ecdsa-python (https://github.com/starkbank/ecdsa-python) v2.0.0
- ecdsa-java (https://github.com/starkbank/ecdsa-java) v1.0.0
- ecdsa-dotnet (https://github.com/starkbank/ecdsa-dotnet) v1.3.1
- ecdsa-elixir (https://github.com/starkbank/ecdsa-elixir) v1.0.0
- ecdsa-node (https://github.com/starkbank/ecdsa-node) v1.1.2
Author: Paul Bottinelli paul.bottinelli@nccgroup.com
Advisory URLs:
- ecdsa-python: https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
- ecdsa-java: https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1
- ecdsa-dotnet: https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2
- ecdsa-elixir: https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1
- ecdsa-node: https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3
CVE …

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

Vendor: Apple
Vendor URL: https://www.apple.com/
Versions affected: xar 1.8-dev
Systems Affected: macOS versions below 12.0.1
Author: Richard Warren <richard.warren[at]nccgroup[dot]trust>
Advisory URL: https://support.apple.com/en-gb/HT212869
CVE Identifier: CVE-2021-30833
Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Summary

XAR is a file archive format used in macOS, and is part of various file formats, including .xar, .pkg, .safariextz, and .xip files. XAR archives …

Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)

Vendor: Open5GS
Vendor URL: https://github.com/open5gs/open5gs
Versions affected: 1.0.0 to 2.3.3
Systems Affected: Linux
Author: mark.tedman[at]nccgroup[dot]com
Advisory URL / CVE Identifier: CVE-2021-41794
Risk: CVSSv3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

Summary

When connecting to the UPF port for the PFCP protocol (8805) and sending an Association Setup Request followed by a Session Establishment Request with a PDI Network Instance set …

Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)

Vendor: McAfee
Vendor URL: https://kc.mcafee.com/corporate/index?page=content&id=sb10361
Versions affected: Prior to 7.3.0 HF1
Systems Affected: Windows OSs without NULL page protection
Author: Balazs Bucsay <balazs.bucsay[ at ]nccgroup[.dot.]com> @xoreipeip
CVE Identifier: CVE-2021-23893
Risk: 8.8 - CWE-269: Improper Privilege Management

Summary

McAfee's Complete Data Protection package contained the Drive Encryption (DE) software. This software was used to transparently encrypt …

Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)

Vendor: Garuda Linux
Vendor URL: https://garudalinux.org/
Versions affected: previous commit 29b03856
Systems Affected: Garuda Linux user creation panel
Author: Jesus Olmos <jesus.olmos[at]fox-it[dot]com>
CVE Identifier: CVE-2021-3784
Risk: 4.4 - Local user impersonation in the moment of the user creation

Summary

Garuda is a modern Linux distribution based on Arch Linux with nice blur effects and icons. Garuda Linux performs an …

Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)

Vendor: PDFTron
Vendor URL: https://www.pdftron.com/
Versions affected: WebViewer UI 8.0 or below
Systems Affected: Web applications hosting the affected software
Author: Liyun Li <liyun.li[at]nccgroup[dot]com>
CVE Identifier: CVE-2021-39307

Summary

PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.

Impact

An attacker …

Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

Vendor: New York State
Vendor URL: https://covid19vaccine.health.ny.gov/excelsior-pass
Versions affected: iOS 1.4.1, Android 1.4.1
Systems Affected: iOS, Android
Author: Dan Hastings dan.hastings[at]nccgroup[dot]trust
Advisory URL / CVE Identifier:
Risk: Information Leakage

Summary

The New York State (NYS) Excelsior scanner app is used by businesses or event venues to scan the QR codes contained in the NYS Excelsior …

Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery

Vendor: New York State
Vendor URL: https://play.google.com/store/apps/details?id=gov.ny.its.healthpassport.wallet
Versions affected: 1.2.0
Systems Affected: Android Google Play Store
Author: Siddarth Adukia sid.adukia[at]nccgroup[dot]com

Summary

New York State developed an application called NYS Excelsior Pass Wallet that allows users to acquire and store a COVID-19 vaccine credential. During some research it was discovered that this application does not validate …

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

Vendor: Ivanti Pulse Secure
Vendor URL: https://www.pulsesecure.net/
Versions affected: Pulse Connect Secure (PCS) 9.11R11.5 or below
Systems Affected: Pulse Connect Secure (PCS) Appliances
Author: Richard Warren <richard.warren[at]nccgroup[dot]trust>
Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
CVE Identifier: CVE-2021-22937
Risk: 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite …