Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

Current Vendor: Belkin (Linksys)
Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/
Versions affected: 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin)
Systems Affected: Linksys WRT160NL
Authors: Manuel Ginés - Manuel.Gines[at]nccgroup[dot]com && Diego Gómez Marañón – Diego.GomezMaranon[at]nccgroup[dot]com
CVE Identifier: CVE-2021-25310
Risk: 8.8 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The Linksys WRT160NL is a switch device initially owned by Cisco and, after the sale of its respective …

Shellshock Advisory

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.

25 Sep 2014 - iSEC Partners

Executive Summary

Immediate patches are required to fix a vulnerability in bash that allows arbitrary code execution from unauthenticated users. The full impact of vulnerable vectors …

Heartbleed (CVE-2014-0160) Advisory

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.

10 Apr 2014 - Andy Grant, Justin Engler, Aaron Grattafiori

News of a major widespread vulnerability discovered by Neel Mehta came out Monday, April 7 2014. This vulnerability allows a network …