New Alerts for D-Link, HP, Draytek, Bosch, Tenable, Splunk, and Linux.
D-Link
The D-Link DSL6740C modem is configured with default and predictable administrator credentials that compromise the security of the device. These credentials allow unauthorized remote access to the modem's control panel, posing a significant security risk. CVSSv3 score of 9.8
There is no information about patching.
More info.
HP ThinPro contains several security vulnerabilities, including Escalation of Privilege, Arbitrary Code Execution, Denial of Service, and Information Disclosure. CVEs date back to 2015. Highest CVSSv3 score of 9.8
More info.
Vulnerabilities have been identified in the system BIOS for HP PC products, which might allow code execution, denial of service, and/or information disclosure. Highest CVSSv3 score of 8.3
More info.
Draytek Vigor3900 contains a vulnerability that allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. CVSSv3 score of 9.8
No indication of fixes, PoC code is available.
More info.
A vulnerability in the PROFINET stack implementation of the IndraDrive allows an attacker to cause a DoS, rendering the device unresponsive by sending arbitrary UDP messages. CVSSv3 score of 7.5
More info.
Sensor Proxy uses OpenSSL which contains vulnerabilities. CVSSv3 score of 7.5
More info.
Third-Party package updates are available in the Splunk Add-on for Cisco Meraki. Splunk rates this High.
More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Comments