Advisories

CVE: CVE-2022-26718 Tested Versions: macOS 11.x.x <= 11.6.4 macOS 12.x.x <= 12.2.1 Product URL(s): https://www.apple.com/ Description of the vulnerability smbfs stands for Samba file system of macOS, which is used for communication and linking with Samba file server. smbfs allows users to connect a remote shared folder to Finder. smbfs is a macOS driver containing two components one is netsmb and the other one is smbfs, this driver also has public open source at this link but it is only available for macOS 11....

CVE: CVE-2021-30844 Tested Versions: macOS BigSur 11.0 - 11.2.3 Product URL(s): https://apple.com Description of the vulnerability smbfs is a kext driver which handles SMB connection between the user and SMB Server. This vulnerability occurs in smbfs, which allows an attacker to leak kernel memory to achieve further exploitation. The bug occurs on the SMBIOC_T2RQ ioctl handler. This handler first process user-mode input on function smb_usr_t2request int smb_usr_t2request(struct smb_share *share, struct smbioc_t2rq *dp, vfs_context_t context) { //....

CVE: CVE-2021-30845 Tested Versions: macOS BigSur 11.0 - 11.2.3 Product URL(s): https://apple.com/ Description of the vulnerability smbfs is a kext driver which handles SMB connection between the user and SMB Server. This vulnerability occurs in smbfs, which allows an attacker to leak kernel memory to achieve further exploitation. The vulnerability exists in the smbfs_mount function, which can be triggered via mount syscall. mount syscall will take data from user input and pass it to smbfs_mount....

CVE: CVE-2021-30868 Tested Versions: macOS BigSur 11.0 - 11.2.3 Product URL(s): https://apple.com/ Description of the vulnerability smbfs is a kext driver which handles SMB connection between the user and SMB Server. This vulnerability occurs in smbfs, which allows attacker can escalate from user permission into root privilege. smbfs kext was implemented with chardev device styles. User can interact with smbfs kext via ioctl syscall to do some task....

CVE: CVE-2021-35400 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by mesh.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

CVE: CVE-2021-35401 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by login.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

CVE: CVE-2021-35403 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by touchlist_sync.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....