Ransomware Gone Awry Has Fatal Consequences

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-5605
PUBLISHED: 2020-09-18

Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.

CVE-2020-5606
PUBLISHED: 2020-09-18

Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.

CVE-2020-5628
PUBLISHED: 2020-09-18

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.

CVE-2020-5629
PUBLISHED: 2020-09-18

UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.

CVE-2020-25756
PUBLISHED: 2020-09-18

** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."

Source: https://www.darkreading.com/attacks-breaches/ransomware-gone-awry-has-fatal-consequences/d/d-id/1338946?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
