CND News and Blog

New Vulnerabilities Thursday 31 October


New Alerts for D-Link, HP, Draytek, Bosch, Tenable, Splunk, and Linux.

D-Link 

The D-Link DSL6740C modem is configured with default and predictable administrator credentials that compromise the security of the device. These credentials allow unauthorized remote access to the modem's control panel, posing a significant security risk. CVSSv3 score of 9.8.
There is no information about patching.
More info.

HP 

HP ThinPro contains several security vulnerabilities, including Escalation of Privilege, Arbitrary Code Execution, Denial of Service, and Information Disclosure. CVEs date back to 2015. Highest CVSSv3 score of 9.8.
More info.

Vulnerabilities have been identified in the system BIOS for HP PC products, which might allow code execution, denial of service, and/or information disclosure. Highest CVSSv3 score of 8.3.
More info.

Draytek 

Draytek Vigor3900 contains a vulnerability that allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. CVSSv3 score of 9.8.
No indication of fixes; PoC code is available.
More info.

Bosch 

A vulnerability in the PROFINET stack implementation of the IndraDrive allows an attacker to cause a DoS, rendering the device unresponsive by sending arbitrary UDP messages. CVSSv3 score of 7.5.
More info.

Tenable 

Sensor Proxy uses OpenSSL, which contains vulnerabilities. CVSSv3 score of 7.5.
More info.

Splunk 

Third-Party package updates are available in the Splunk Add-on for Cisco Meraki. Splunk rates this High.
More info.

Linux 

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


