WiFi Extender bugs allow hackers to see what you see on phone and TV remotely


Cybersecurity specialists reported the finding of three serious vulnerabilities in Tenda’s PA6 Powerline, a solution to extend the range of a WiFi signal. According to the report, the successful exploitation of these flaws would allow threat actors to carry out denial of service (DoS) attacks, among other scenarios.

Below are brief overviews of reported vulnerabilities, in addition to their respective scores and identification keys according to the Common Vulnerability Scoring System (CVSS).

CVE-2019-19506: Insufficient validation of user-supplied input in the “homeplugd” process would allow threat actors to deploy denial of service (DoS) attacks on affected systems by sending specially crafted requests.

This flaw received a CVSS score of 6.9/10, so it is considered a medium severity vulnerability. While this flaw can be exploited remotely by unauthenticated hackers, so far no cases of active exploitation or a malware variant related to this attack have been reported. The flaw lies in PA6 Wi-Fi Powerline v1.0.1.21.

CVE-2019-19505: The second reported flaw exists due to a boundary error in the “Wireless” section of the device’s web interface, which could allow threat actors to execute remote code on the target system by sending a specially crafted hostname that triggers a buffer overflow.

Successful exploitation of this flaw would lead to the full compromise of the affected system.

The vulnerability is in PA6 Wi-Fi Version 1.0.1.21 and received a score of 9/10, so it is considered a critical flaw. This flaw can also be exploited remotely by unauthenticated hackers; no cases of exploitation have been reported in real-world scenarios. Researchers have also not detected any malware variants related to this attack.

CVE-2019-16213: Incorrect input validation allows remote threat actors to execute arbitrary commands on the target system. Threat actors would only have to send a specially crafted string, modifying the name of the PLC adapter device.

As in previous cases, this flaw can be exploited by unauthenticated remote threat actors, although there are no reports of active exploitation cases or about the existence of any malware variant associated with this attack.

This medium severity flaw received a score of 8/10 and affects Powerline version 1.0.1.21.
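As the report describes them, CVE-2019-19505 and CVE-2019-16213 both start from a hostname or device name that is accepted without a bound on its length or its character set. The following C code is an added illustration of the missing check, not Tenda's firmware code or the researchers' code; the 32-byte limit, the allowed characters and every function name are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEVNAME_MAX_LEN 32 /* assumed limit; the page gives no buffer size */

enum name_status { NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_CHAR };

/* Allowlist check on a name with an explicit length (as taken from the
 * request), so an embedded NUL cannot hide trailing bytes. */
enum name_status validate_name(const char *in, size_t in_len)
{
    if (in == NULL || in_len == 0)
        return NAME_EMPTY;
    if (in_len > DEVNAME_MAX_LEN)
        return NAME_TOO_LONG;          /* stops the oversized-hostname case */
    if (in[0] == '-')
        return NAME_BAD_CHAR;          /* never let a name look like an option */
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.';
        if (!ok)
            return NAME_BAD_CHAR;      /* spaces, quotes, shell metacharacters, NUL */
    }
    return NAME_OK;
}

/* Copy a validated name into a fixed buffer; dst is left untouched on failure. */
enum name_status store_name(char *dst, size_t dst_size,
                            const char *in, size_t in_len)
{
    enum name_status st = validate_name(in, in_len);
    if (st != NAME_OK)
        return st;
    if (in_len + 1 > dst_size)         /* room for the terminator */
        return NAME_TOO_LONG;
    memcpy(dst, in, in_len);
    dst[in_len] = '\0';
    return NAME_OK;
}

int main(void)
{
    char buf[DEVNAME_MAX_LEN + 1];
    /* Constructed sample inputs, not taken from the report. */
    printf("%d\n", store_name(buf, sizeof buf, "PA6-livingroom", 14));
    printf("%d\n", store_name(buf, sizeof buf, "a;b", 3));
    return 0;
}
```

A name that passes this check should still be handed to other programs as a separate argument rather than spliced into a shell command line.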

The company has not released security updates to fix these flaws and no workarounds are known, so users of affected devices are advised to verify their configuration.
The post WiFi Extender bugs allow hackers to see what you see on phone and TV remotely appeared first on Cyber Security News | Exploit One | Hacking News.

X ITM Cloud News

Ana
