CVE-2020-6756
published 2020-01-09
CVE-2020-6756: languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang…
Priority: P271, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 10.56% (95.2th percentile)
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rasilient | pixelstor_5000_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to languageOptions.php on Rasilient PixelStor 5000 devices for unexpected or shell-command-like values in the 'lang' parameter, indicating unauthenticated RCE exploitation attempts.
- SORA (IoT.Linux.MIRAI.DLEU) and UNSTABLE (IoT.Linux.MIRAI.DLEV) Mirai variants exploit CVE-2020-6756 to gain entry into Rasilient PixelStor 5000 devices; detect these malware families on IoT/Linux endpoints.
- Post-exploitation pattern: attackers download and execute a shell script from a C&C server, which in turn downloads and executes the SORA or UNSTABLE payload. Monitor for outbound shell script downloads followed by execution on IoT/Linux devices.
- Monitor network traffic for increasing connection attempts to unknown domains from IoT devices, which may indicate Mirai botnet propagation activity following CVE-2020-6756 exploitation.
- Vulnerability affects only Rasilient PixelStor 5000 running firmware version K:4.0.1580-20150629 (KDI Version); detections should be scoped to this specific version.
CVSS provenance
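| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |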
No detection rules found.
Trendmicro
ZDI Bug Hunters Rake in $1.5 M
blogs_trendmicro·2020-02-07
Malware
# ZDI Bug Hunters Rake in $1.5 M
Read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords to steal them for credit card information and other personal data.
By: Jon Clay
2020/02/07
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords so it can steal them for credit card information and other personal data.
Read on:
#### Four Reasons Your C
Trendmicro
Mirai variants target video surveillance systems
blogs_trendmicro·2020-02-06·CVSS 9.8
[CRITICAL] Mirai variants target video surveillance systems
Exploitation of vulnerabilities
## Mirai variants target video surveillance systems
Security researchers at Trend Micro have found two variants of the Internet of Things (IoT) malware Mirai. They use new propagation methods and gain access through a vulnerability in video surveillance storage systems.
By: Trend Micro Feb 06, 2020
By Trend Micro
Security researchers at Trend Micro have found two variants of the Internet of Things (IoT) malware Mirai. The two variants, SORA (IoT.Linux.MIRAI.DLEU) and UNSTABLE (IoT.Linux.MIRAI.DLEV), use new propagation methods and gain access through the vulnerability CVE-2020-6756 in Rasilient PixelStor5000 video surveillance storage systems.
Mirai ist eine Malware, di
- http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html
- https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/
Published: 2020-01-09