CVE-2022-36614 Totolink A860R v4.1.2cu.5182_B20201027 had a hardcoded password for root at /etc/shadow.sample.
A hardcoded password, such as this one, is a very bad sign. It means that the device was probably developed by a third party. The
CVE-2022-21742 The Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function.
An authenticated user on the same network can exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVE-2019-0516: An issue was
CVE-2022-31459 Attackers can retrieve the passcode hash using a certain c 10 value over Bluetooth.
All Bluetooth devices have a unique pairing code known as a UUID (Universally Unique Identifier) that is used to identify each device. This
CVE-2022-31462 - Exploiting Owl Labs Meeting Owl 5.2..15 Backdoor Password Vulnerability
Recent findings have brought to light a critical vulnerability in Owl Labs Meeting Owl 5.2..15, a popular All-in-One Conference Device. The vulnerability, identified
CVE-2022-0916 An issue was discovered in Logitech Options: the OAuth 2.0 state parameter was not properly validated.
To protect against these attacks, applications should always check the state parameter received from the server. In addition, applications should only permit authorized state change