(CVE-20221-35406) Prolink PRC2402M qos.cgi qos_settings Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35406 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by qos.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35407) Prolink PRC2402M mesh.cgi get_upgrade_page Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35407 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by mesh.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35409) Prolink PRC2402M nightled.cgi SetNightLed Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35409 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by nightled.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-30836) WebKit WebCore::AudioNode::disconnect null pointer reference

CVE: CVE-2021-30836 Tested Versions: webkitGTK2.32.0 Product URL(s): https://webkit.org/ Description of the vulnerability In order to show how we can reproduce it, let’s open poc.html in webkitgtk version 2.32.0 within Ubuntu. Alternatively, you may want to use my docker script to build. Source code of build.sh docker build . -t webkit_asan docker run -it --name=webkit2.32.0 webkit_asan /bin/bash Source code of Dockerfile FROM ubuntu:18.04 MAINTAINER mipu94 RUN echo ${WEBKIT_VERSION} ARG DEBIAN_FRONTEND=noninteractive RUN apt-get -y update && \ apt-get install -y wget \ cmake \ bison \ git \ unzip \ xz-utils \ apache2 \ llvm-7 \ clang-7 \ libclang-7-dev \ tzdata \ sed \ ruby WORKDIR /root/ # install ninja RUN wget https://github....

June 9, 2021 · 3 min · Ta Dinh Sung

(CVE-20221-35402) Prolink PRC2402M live_api.cgi satellist_list Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35402 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by live_api.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 9, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35408) Prolink PRC2402M qos.cgi qos_sta_settings Un-authenticated Command Injection Vulnerability

CVE: CVE-2021-35408 Tested Versions: Prolink PRC2402M 20190909 Product URL(s): https://prolink2u.com/ Description of the vulnerability This vulnerability is present as there are no checks on user input taken by qos.cgi, which is passed to system, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes POST requests through HTML forms to interact with the cgi scripts....

June 8, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-0956) Android NFC Out-Of-Bounds Write due to increase mNumTechList without bounds checking

CVE: CVE-2021-0956 Tested Versions: RQ1A.210205.004 Product URL(s): https://www.android.com/ Description of the vulnerability There is a Out-Of-Bounds Write problem found in libnfc_nci_jni.so, within the NFC endpoints discovering and activation. Specifically, in file packages/apps/Nfc/nci/jni/NfcTag.cpp, function NfcTag::discoverTechnologies (activation), when a new NFC endpoint is actived, its information is append to some arrays. Since there is no bound check when append data, it may result in a Out-of-bounds Write vulnerability....

May 28, 2021 · 4 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)