Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are unpatched zero-days in an industrial cellular router.
Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.
The one other security issue Talos has disclosed over the past two weeks is a use-after-free vulnerability in an open-source port of WebKit, a content rendering engine used in popular web browsers like Apple Safari.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Discovered by Francesco Benvenuto.
The Yifan YF325 is a cellular terminal device that offers Wi-Fi and ethernet connectivity capabilities to a network.
The company’s website says the YF325, “has been widely used on M2M fields, such as self-service terminal industry, intelligent transportation, smart grid, industrial automation, telemetry, finance, POS, water supply, environment protection, post, weather, and so on.”
Talos recently discovered 10 vulnerabilities in this device that an adversary could exploit to carry out a variety of malicious actions, including TALOS-2023-1767 (CVE-2023-32632), which could allow an attacker to execute arbitrary shell commands on the targeted device.
TALOS-2023-1762 (CVE-2023-24479) is perhaps the most serious of the set of vulnerabilities with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability to change the admin credentials of the device and obtain root access. TALOS-2023-1752 (CVE-2023-32645) is also an authentication bypass vulnerability, but in this case, an attacker could simply use leftover debug credentials to log in as an administrator.
The remaining vulnerabilities Talos disclosed in this product this week are buffer overflow vulnerabilities, all triggered by specially crafted network requests:
- TALOS-2023-1761 (CVE-2023-35055 and CVE-2023-35056)
- TALOS-2023-1763 (CVE-2023-34365)
- TALOS-2023-1764 (CVE-2023-34346)
- TALOS-2023-1765 (CVE-2023-31272)
- TALOS-2023-1766 (CVE-2023-34426)
- TALOS-2023-1787 (CVE-2023-35965 and CVE-2023-35966)
- TALOS-2023-1788 (CVE-2023-35967 and CVE-2023-35968)
All these vulnerabilities also have a severity score of 9.8.
Talos is disclosing these vulnerabilities despite no official patch from Yifan, all in adherence to Cisco’s third-party vendor vulnerability disclosure policy.
Use-after-free vulnerability in WebKitGTK
Discovered by Marcin “Icewall” Noga.
Talos recently disclosed a use-after-free vulnerability in WebKitGTK’s MediaRecorder API.
WebKitGTK is a full-featured, open-source port of the WebKit rendering engine.
TALOS-2023-1831 (CVE-2023-39928) could lead to remote code execution if the targeted user opens an attacker-controlled, malicious web page using an application that utilizes the affected version of WebKitGTK.
from Cisco Talos Blog https://bit.ly/3tu8WFm