2022 - Page 3 of 3 - Exodus Intelligence

ZyXEL Armor Photobak Command Injection Vulnerability

February 23, 2022February 22, 2022 by Exodus Intel VRT

EIP-c624ba9f

A command-injection vulnerability exists within the ZyXEL Armor Z1 AC2350 series. The vulnerable endpoint is within the ‘photobak’ component found in the cgi-bin. Exploitation of the vulnerability allows for remote unauthenticated attackers to run arbitrary commands on vulnerable versions of the firmware under the context of the underlying lighthttpd subsystem.

Vulnerability Identifiers

Exodus Intelligence: EIP-c624ba9f
MITRE CVE: CVE-2021-4029

Vulnerability Metrics

CVSSv2 Score: 8.3

Vendor References

https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: December 14th, 2021
Disclosed to public: February 22nd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability

February 2, 2022February 2, 2022 by Exodus Intel VRT

EIP-1a8a439f

A vulnerability exists in Zlibc that allows a local attacker to execute arbitrary code with elevated privileges through manipulation of the LD_ZLIB_CONFFILE and LD_ZLIB_UNCOMPRESSOR environment variables when calling setuid binaries.

Vulnerability Identifiers

Exodus Intelligence: EIP-1a8a439f
MITRE CVE: N/A

Vulnerability Metrics

CVSSv2 Score: 6.6

Vendor References

This vulnerability has been addressed in Zlibc version 0.9l.
https://www.zlibc.linux.lu/download.html
https://zlibc.linux.lu/mailman3/hyperkitty/list/zlibc@zlibc.linux.lu/

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: January 5th, 2022
Disclosed to public: February 2nd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

Arris SURFboard SSDP Command Injection Vulnerability

February 8, 2022February 2, 2022 by Exodus Intel VRT

EIP-55f127ea

A vulnerability exists within Arris SURFboard’s handling of Simple Service Discovery Protocol (SSDP) messages. A specially crafted NOTIFY message with a LOCATION header can result in a command injection under the context of the root user.

Vulnerability Identifiers

Exodus Intelligence: EIP-55f127ea
MITRE CVE: CVE-2021-41552

Vulnerability Metrics

CVSSv2 Score: 8.3

Vendor References

https://arris.my.salesforce.com/sfc/p/#30000000kUAL/a/4Q000000Raud/cRx46eSijpwhTpoeWSgB1dQehSMwFrLV1gurcqI35QY

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: June 16th, 2021
Disclosed to public: February 2nd, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

LiveAction LiveNX AWS Credential Disclosure Vulnerability

January 19, 2022January 19, 2022 by Exodus Intel VRT

EIP-7d4ec9e3

Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access to LiveAction internal resources.

Vulnerability Identifiers

Exodus Intelligence: EIP-7d4ec9e3
MITRE CVE: N/A

Vulnerability Metrics

CVSSv2 Score: 10

Vendor References

This vulnerability has been address in LiveAction LiveNX version 21.4.0

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to affected vendor: July 1st, 2021
Disclosed to public: January 19th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.

ZyXEL Armor Photobak Command Injection Vulnerability

EIP-c624ba9f

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability

EIP-1a8a439f

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Arris SURFboard SSDP Command Injection Vulnerability

EIP-55f127ea

Vulnerability Identifiers

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

LiveAction LiveNX AWS Credential Disclosure Vulnerability

EIP-7d4ec9e3

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Intelligence

Support

Company