CVE-2024-1000
Published 2024-01-29
Priority: P2 (68) · Severity: high · CVSS 3.1 base score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.25% (65.7th percentile)
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
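The description names the bug class (a stack-based buffer overflow, CWE-121) and the sink (the `command` argument of `setTracerouteCfg`), but the page does not show the handler's code. The following is an added illustration in C, not Totolink's code: a hypothetical reconstruction of the vulnerable shape (an attacker-controlled string copied into a fixed stack buffer with no bound) next to a hardened handler that bounds the copy and allow-lists the characters a traceroute target may contain. The buffer size, the function and parameter names, and the 255-character target limit are assumptions.

```c
/* Added example, not Totolink's code: a hypothetical reconstruction of the
 * CWE-121 pattern behind CVE-2024-1000 and a hardened replacement. The buffer
 * size, names and limits are assumptions; the real cstecgi.cgi is not shown here. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define CMD_BUF 128        /* assumed size of the handler's stack buffer */
#define MAX_TARGET 255     /* longest hostname the hardened handler accepts */

/* Vulnerable shape: the request's "command" value is copied into a fixed-size
 * stack buffer with no length check. Input longer than CMD_BUF - 1 bytes runs
 * past the buffer into the saved frame. Shown only to illustrate the pattern;
 * the demos below never call it with overlong input. */
void set_traceroute_cfg_vulnerable(const char *command, char *line, size_t linelen)
{
    char buf[CMD_BUF];
    strcpy(buf, command);                       /* unbounded copy: the bug */
    snprintf(line, linelen, "traceroute %s", buf);
}

/* Hardened shape: validate before copying, then copy with an explicit bound.
 * Returns 0 and writes the cleaned target to out on success, -1 on rejection. */
int set_traceroute_cfg_hardened(const char *command, char *out, size_t outlen)
{
    if (!command || !out || outlen == 0)
        return -1;

    size_t n = 0;                               /* bounded length scan, no strlen on untrusted input */
    while (n <= MAX_TARGET && command[n] != '\0')
        n++;
    if (n == 0 || n > MAX_TARGET || n >= outlen)
        return -1;                              /* empty, over policy, or would not fit */

    for (size_t i = 0; i < n; i++) {            /* allow-list: hostname / IP literal characters */
        unsigned char ch = (unsigned char)command[i];
        if (!(isalnum(ch) || ch == '.' || ch == '-' || ch == ':'))
            return -1;                          /* also blocks shell metacharacters */
    }
    if (command[0] == '-')
        return -1;                              /* would be read as a traceroute option */

    memcpy(out, command, n);
    out[n] = '\0';
    return 0;
}

/* 1 if the hardened handler accepts the target, 0 if it rejects it. */
int hardened_accepts(const char *command)
{
    char out[MAX_TARGET + 1];
    return set_traceroute_cfg_hardened(command, out, sizeof out) == 0;
}

/* Constructed input: `len` bytes of 'A'. Returns 1 if the hardened handler rejects it. */
int overlong_rejected(size_t len)
{
    char big[1024];
    if (len >= sizeof big)
        len = sizeof big - 1;
    memset(big, 'A', len);
    big[len] = '\0';
    return !hardened_accepts(big);
}

int main(void)
{
    char line[64];
    set_traceroute_cfg_vulnerable("8.8.8.8", line, sizeof line);   /* short input only */
    printf("%s\n", line);
    printf("accept 8.8.8.8: %d\n", hardened_accepts("8.8.8.8"));
    printf("accept 'a.com; id': %d\n", hardened_accepts("a.com; id"));
    printf("reject 300 x 'A': %d\n", overlong_rejected(300));
    return 0;
}
```

The length check alone closes the overflow; the allow-list is there because a traceroute target that reaches a shell is the next bug in the same handler, and rejecting a leading `-` keeps the value from being parsed as an option.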
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | n200re | — | — |
| totolink | n200re_firmware | 9.3.5u.6139_B20201216 | — |
CVSS provenance
NVD v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 8.3 HIGH, AV:N/AC:L/Au:M/C:C/I:C/A:C
GHSA
fugit parse and parse_nat stall on lengthy input
ghsa·2024-08-19
CVE-2024-43380 [MEDIUM] CWE-400 fugit parse and parse_nat stall on lengthy input
fugit parse and parse_nat stall on lengthy input
### Impact
The fugit "natural" parser, which turns "every wednesday at 5pm" into "0 17 * * 3", accepted input of any length and kept attempting to parse it instead of returning promptly. The parse call could hold the thread indefinitely.
Fugit dependents that do not check (user) input length for plausibility are impacted.
### Patches
Problem was reported in #104 and the fix was released in [fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1)
### Workarounds
Make sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`, `Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`, and `Fugit::Nat.do_parse(s)` are not fed overly long strings. 1000 characters is fine, while 10_000 characters makes it stall.
GHSA
GHSA-qrpx-55hc-9pr8: A vulnerability was found in Totolink N200RE 9
ghsa_unreviewed·2024-01-29
CVE-2024-1000 [HIGH] CWE-121 GHSA-qrpx-55hc-9pr8: A vulnerability was found in Totolink N200RE 9
Chrome
Stable Channel Update for Desktop: CVE-2025-12908
vendor_chrome·2025-09-02·CVSS 5.4
CVE-2025-12908 [LOW] Stable Channel Update for Desktop: CVE-2025-12908
Stable Channel Update for Desktop
CVE-2025-12908: Insufficient validation of untrusted input in Downloads. Reported by Abhishek Kumar on 2025-05-31
[$1000][361116749] Low CVE-2025-12909: Insufficient policy enforcement in Devtools. Reported by Noam Gaash on 2024-08-20
[TBD][434977743] Low CVE-2025-12910: Inappropriate implementation in Passkeys
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2025-4052
vendor_chrome·2025-04-29·CVSS 6.3
CVE-2025-4052 [LOW] Stable Channel Update for Desktop: CVE-2025-4052
Stable Channel Update for Desktop
CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
The previous version of these notes did not include the following security fixes which were included in the release:
[$4000][402791076] Medium CVE-2025-13097: Inappropriate implementation in DevTools. Reported by Alesandro Ortiz on 2025-03-13
[$1000][379818904] Low CVE-2024-13983: Inappropriate implementation in Lens
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2025-3067
vendor_chrome·2025-04-01·CVSS 8.6
CVE-2025-3067 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-3067
Stable Channel Update for Desktop
CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31
[$2000][401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09
[$1000][40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2025-0443
vendor_chrome·2025-01-14·CVSS 8.8
CVE-2025-0443 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0443
Stable Channel Update for Desktop
CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31
[$1000][359949844] Low CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15
[$1000][375550814] Low CVE-2025-0447: Inappropriate implementation in Navigation
Severity: medium
Red Hat
kernel: sched/numa: fix memory leak due to the overwritten vma->numab_state
vendor_redhat·2024-12-27·CVSS 5.5
CVE-2024-56613 [MEDIUM] CWE-401 kernel: sched/numa: fix memory leak due to the overwritten vma->numab_state
kernel: sched/numa: fix memory leak due to the overwritten vma->numab_state
In the Linux kernel, the following vulnerability has been resolved:
sched/numa: fix memory leak due to the overwritten vma->numab_state
[Problem Description]
When running the hackbench program of LTP, the following memory leak is
reported by kmemleak.
# /opt/ltp/testcases/bin/hackbench 20 thread 1000
Running with 20*40 (== 800) tasks.
# dmesg | grep kmemleak
...
kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
kmemleak: 665 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff888cd8ca2c40 (size 64):
comm "hackbench", pid 17142, jiffies 4299780315
hex dump (first 32 bytes):
ac 74 49 00 01 00 00 00 4c 84 49 00 01 00 00 00 .tI.
Cisco
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
vendor_cisco·2024-10-23·CVSS 9.3
CVE-2024-20412 [CRITICAL] CWE-259 Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.
This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the
Cisco
Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability
vendor_cisco·2024-09-25·CVSS 8.6
CVE-2024-20467 [HIGH] CWE-399 Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability
Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and
Chrome
Stable Channel Update for Desktop: CVE-2024-8907
vendor_chrome·2024-09-17·CVSS 6.1
CVE-2024-8907 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-8907
Stable Channel Update for Desktop
CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari on 2024-08-18
[$1000][337222641] Low CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya on 2024-04-26
[$1000][341353783] Low CVE-2024-8909: Inappropriate implementation in UI
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2024-7975
vendor_chrome·2024-08-21·CVSS 4.3
CVE-2024-7975 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-7975
Stable Channel Update for Desktop
CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
[$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
[$1000][324770940] Medium CVE-2024-7977: Insufficient data validation in Installer
Severity: medium
Red Hat
kernel: tcp: avoid too many retransmit packets
vendor_redhat·2024-07-15·CVSS 3.3
CVE-2024-41007 [LOW] CWE-99 kernel: tcp: avoid too many retransmit packets
kernel: tcp: avoid too many retransmit packets
In the Linux kernel, the following vulnerability has been resolved:
tcp: avoid too many retransmit packets
If a TCP socket is using TCP_USER_TIMEOUT, and the other peer
retracted its window to zero, tcp_retransmit_timer() can
retransmit a packet every two jiffies (2 ms for HZ=1000),
for about 4 minutes after TCP_USER_TIMEOUT has 'expired'.
The fix is to make sure tcp_rtx_probe0_timed_out() takes
icsk->icsk_user_timeout into account.
Before blamed commit, the socket would not timeout after
icsk->icsk_user_timeout, but would use standard exponential
backoff for the retransmits.
Also worth noting that before commit e89688e3e978 ("net: tcp:
fix unexcepted socket die when snd_wnd is 0"), the issue
would last 2 minutes instead of 4.
Chrome
Stable Channel Update for Desktop: CVE-2024-3845
vendor_chrome·2024-04-16·CVSS 4.3
CVE-2024-3845 [LOW] Stable Channel Update for Desktop: CVE-2024-3845
Stable Channel Update for Desktop
CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03
[$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23
[$1000][328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2024-2629
vendor_chrome·2024-03-19·CVSS 4.3
CVE-2024-2629 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-2629
Stable Channel Update for Desktop
CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02
[$1000][41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07
[$2000][41495878] Low CVE-2024-2631: Inappropriate implementation in iOS
Severity: medium
Red Hat
argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
vendor_redhat·2024-03-18·CVSS 7.5
CVE-2024-21662 [HIGH] CWE-307 argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for differen
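The bypass described above depends on a bounded cache evicting entries that carry security state. The following is an added C model, not Argo CD's code and not its actual patch: the weak shape is a fixed-capacity failed-login cache that evicts round-robin when full, so flooding it with distinct usernames pushes out the locked admin entry; the hardened variant refuses to evict an entry that is currently locked and drops the newcomer instead. Capacity is 8 rather than 1000 to keep the run short, and the lockout threshold of 5 and all names are assumptions.

```c
/* Added example, not Argo CD's code: a fixed-capacity failed-login cache and
 * how overflowing it discards lockout state. Capacity and threshold are assumed. */
#include <stdio.h>
#include <string.h>

#define CACHE_CAP 8        /* Argo CD's defaultMaxCacheSize is 1000; 8 keeps the demo short */
#define MAX_FAILURES 5     /* assumed lockout threshold */
#define USER_LEN 32

struct entry {
    char user[USER_LEN];
    int failures;
    int used;
};

struct attempt_cache {
    struct entry slot[CACHE_CAP];
    size_t next_evict;     /* round-robin eviction cursor */
    int protect_locked;    /* hardened mode: never evict a locked entry */
};

void cache_init(struct attempt_cache *c, int protect_locked)
{
    memset(c, 0, sizeof *c);
    c->protect_locked = protect_locked;
}

static struct entry *find_entry(struct attempt_cache *c, const char *user)
{
    for (size_t i = 0; i < CACHE_CAP; i++)
        if (c->slot[i].used && strcmp(c->slot[i].user, user) == 0)
            return &c->slot[i];
    return NULL;
}

static int entry_locked(const struct entry *e)
{
    return e->used && e->failures >= MAX_FAILURES;
}

/* 1 if the user is currently locked out, 0 otherwise (unknown users are not). */
int is_locked(struct attempt_cache *c, const char *user)
{
    struct entry *e = find_entry(c, user);
    return e ? entry_locked(e) : 0;
}

/* Record one failed login. Returns 1 if recorded, 0 if dropped because the
 * hardened cache is full of locked users (losing a fresh counter is cheaper
 * than forgetting an existing lockout). */
int record_failure(struct attempt_cache *c, const char *user)
{
    struct entry *e = find_entry(c, user);
    if (e) { e->failures++; return 1; }

    for (size_t i = 0; i < CACHE_CAP; i++)          /* free slot available? */
        if (!c->slot[i].used) { e = &c->slot[i]; break; }

    if (!e) {                                        /* full: must evict something */
        for (size_t i = 0; i < CACHE_CAP; i++) {
            size_t idx = (c->next_evict + i) % CACHE_CAP;
            if (!c->protect_locked || !entry_locked(&c->slot[idx])) {
                e = &c->slot[idx];                   /* weak mode evicts whatever is next */
                c->next_evict = (idx + 1) % CACHE_CAP;
                break;
            }
        }
        if (!e) return 0;                            /* every slot holds a lockout */
    }

    snprintf(e->user, USER_LEN, "%s", user);
    e->failures = 1;
    e->used = 1;
    return 1;
}

/* Scenario: admin is locked out, then an attacker floods the cache with
 * CACHE_CAP constructed usernames. Returns whether admin is still locked. */
int cache_overflow_demo(int protect_locked)
{
    struct attempt_cache c;
    char name[USER_LEN];
    cache_init(&c, protect_locked);

    for (int i = 0; i < MAX_FAILURES; i++)
        record_failure(&c, "admin");

    for (int i = 0; i < CACHE_CAP; i++) {
        snprintf(name, sizeof name, "junk%d", i);
        record_failure(&c, name);
    }
    return is_locked(&c, "admin");
}

int main(void)
{
    printf("weak cache, admin still locked: %d\n", cache_overflow_demo(0));
    printf("hardened cache, admin still locked: %d\n", cache_overflow_demo(1));
    return 0;
}
```

With the weak cache the admin entry is the first victim of the eighth junk username, and the next login attempt against admin is no longer counted as part of a lockout; the hardened cache keeps the locked entry and evicts a single-failure junk entry instead. Any bounded cache that stores a deny decision needs the same rule: eviction must not be reachable by the party being denied.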
Chrome
Stable Channel Update for Desktop: CVE-2024-3171
vendor_chrome·2024-02-20·CVSS 5.4
CVE-2024-3171 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-3171
Stable Channel Update for Desktop
CVE-2024-3171: Use after free in Accessibility. Reported by ttt on 2023-12-12
[$1000][40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Severity: medium
Suricata
ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
suricata·2022-09-06·CVSS 9.8
CVE-2017-6862 [CRITICAL] ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:>1000; content:"unauth.cgi"; fast_pattern; content:"timestamp="; reference:cve,2017-6862; classtype:attempted-admin; sid:2038736; rev:2; metadata:attack_target Networking_Equipment, created_at 2022_09_06, cve CVE_2017_6862, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_03_08;)
Suricata
ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016)
suricata·2017-02-03·CVSS 5.9
CVE-2017-0016 [MEDIUM] ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016)
ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016)
Rule: alert tcp any 445 -> $HOME_NET any (msg:"ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016)"; flow:established,to_client; content:"|FE|SMB"; offset:4; depth:4; content:"|03 00|"; distance:8; within:2; byte_test:1,&,1,2,relative; byte_jump:2,8,little,from_beginning; byte_jump:2,4,relative,little; isdataat:1000,relative; content:!"|FE|SMB"; within:1000; reference:cve,2017-0016; classtype:attempted-dos; sid:2023832; rev:4; metadata:affected_product SMBv3, attack_target Client_and_Server, created_at 2017_02_03, cve CVE_2017_0016, deployment Datacenter, confidence High, signature_severity Major, updated_at 2024_03_07;)
Suricata
GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt
suricata·2010-09-23
CVE-1999-0696 GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt
GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt"; flow:established,to_server; content:"|00 01 86 E4|"; depth:4; offset:16; content:"|00 00 00 06|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_jump:4,0,relative,align; byte_test:4,>,1000,28,relative; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,524; reference:cve,1999-0696; reference:url,www.cert.org/advisories/CA-99-08-cmsd.html; classtype:misc-attack; sid:2101909; rev:14; metadata:created_at 2010_09_23, cve CVE_1999_0696, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
Typecho 1.3.0 - Race Condition
exploitdb·2025-04-10·CVSS 6.5
CVE-2024-35539 [MEDIUM] Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Race Condition
---
# Exploit Title: Typecho 1.3.0 - Race Condition
# Google Dork: intext:"Powered by Typecho" inurl:/index.php
# Date: 18/08/2024
# Exploit Author: Michele 'cyberaz0r' Di Bonaventura
# Vendor Homepage: https://typecho.org
# Software Link: https://github.com/typecho/typecho
# Version: 1.3.0
# Tested on: Typecho 1.3.0 Docker Image with PHP 7.4 (https://hub.docker.com/r/joyqi/typecho)
# CVE: CVE-2024-35539
# For more information, visit the blog post: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
package main
import (
"bytes"
"fmt"
"io"
"net/http"
"net/url"
"os"
"strings"
"sync"
"sync/atomic"
"time"
"github.com/robertkrimen/otto"
)
var (
c int32 = 0
commentsPostInterval int64 = 60
maxThreads int = 1000
wg sync.WaitGroup
userAgent string
Nuclei
Jenkins < 2.441 - Arbitrary File Read
nuclei·CVSS 9.8
CVE-2024-23897 [CRITICAL] Jenkins < 2.441 - Arbitrary File Read
Jenkins (c === 'x' ? Math.random() * 16 | 0 : (Math.random() * 16 | 0 & 0x3 | 0x8)).toString(16));
let conn, conn2;
try { conn = m.OpenTLS('tcp', address) } catch { conn = m.Open('tcp', address)}
conn.Send(`POST /cli?remoting=false HTTP/1.1\r\nHost:${Host}\r\nSession: ${session_id}\r\nSide: download\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n`);
resp = conn.RecvString(1000)
try { conn2 = m.OpenTLS('tcp', address) } catch { conn2 = m.Open('tcp', address)}
conn2.Send(`POST /cli?remoting=false HTTP/1.1\r\nHost:${Host}\r\nContent-type: application/octet-stream\r\nSession: ${session_id}\r\nSide: upload\r\nConnection: keep-alive\r\nContent-Length: 163\r\n\r\n${Body}`)
resp2 = conn.RecvString(1000)
args:
Body: "{{payload}}"
Host: "{{Host}}"
Port: 80,443 # if
HackerOne
CVE-2024-2398: HTTP/2 push headers memory-leak
hackerone·2024-04-22·CVSS 8.6
CVE-2024-2398 [HIGH] CVE-2024-2398: HTTP/2 push headers memory-leak
CVE-2024-2398: HTTP/2 push headers memory-leak
A memory leak was found in libcurl in handling HTTP/2 push headers, which could lead to a denial of service due to memory exhaustion.
Original report: https://hackerone.com/reports/2402845
## Impact
denial of service
CVE-2024-2398
HTTP/2 push headers memory-leak
VULNERABILITY
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
Further, this error condition fails silently and is therefore not easily detected by an application.
INFO
If a server sends many PUSH_PROMISE frames with a
Bugzilla
CVE-2024-2398 curl: HTTP/2 push headers memory-leak
bugzilla·2024-03-20·CVSS 8.6
CVE-2024-2398 [HIGH] CVE-2024-2398 curl: HTTP/2 push headers memory-leak
CVE-2024-2398 curl: HTTP/2 push headers memory-leak
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
Further, this error condition fails silently and is therefore not easily detected by an application.
If a server sends many `PUSH_PROMISE` frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked *per response*.
HTTP/2 server push is a relatively rarely used feature.
Reference:
https://curl.se/docs/CVE-2024-2398.html
Upstream patch:
https://github.com/curl/curl/commit/deca8039991886a55
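To make the abort-path leak concrete, here is an added C model of the pattern the advisory describes; it is not libcurl's code. Headers for a pushed stream are accumulated up to a limit, and the abort path either abandons the ones already collected (the leaky shape) or releases them (the fixed shape). The limit is lowered from 1000 to 4 so the run stays short, the structure and function names are the example's own, and a live-allocation counter stands in for a leak checker such as ASan or valgrind.

```c
/* Added example, not libcurl's code: models the HTTP/2 push-header abort path
 * from CVE-2024-2398. Names, structure and the limit of 4 are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PUSH_HEADERS 4     /* libcurl aborts at 1000; 4 keeps the demo short */

static long live_blocks = 0;   /* heap blocks allocated and not yet freed */

struct push_headers {
    char **items;              /* duplicated "name: value" strings */
    size_t count;
};

static char *dup_header(const char *h)
{
    size_t n = strlen(h) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, h, n); live_blocks++; }
    return p;
}

static int alloc_list(struct push_headers *ph)
{
    ph->items = calloc(MAX_PUSH_HEADERS, sizeof *ph->items);
    ph->count = 0;
    if (!ph->items) return -1;
    live_blocks++;
    return 0;
}

/* Release every header and the list itself. */
void free_push_headers(struct push_headers *ph)
{
    if (!ph->items) return;
    for (size_t i = 0; i < ph->count; i++) { free(ph->items[i]); live_blocks--; }
    free(ph->items);
    live_blocks--;
    ph->items = NULL;
    ph->count = 0;
}

/* Leaky shape: when the limit is hit the push is aborted and the caller's
 * handle is cleared, but the headers collected so far are never freed. */
int collect_push_leaky(const char **hdrs, size_t n, struct push_headers *ph)
{
    if (alloc_list(ph) < 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (ph->count >= MAX_PUSH_HEADERS) {
            ph->items = NULL;           /* the bug: references dropped, memory kept */
            ph->count = 0;
            return -1;
        }
        char *h = dup_header(hdrs[i]);
        if (!h) { free_push_headers(ph); return -1; }
        ph->items[ph->count++] = h;
    }
    return 0;
}

/* Fixed shape: the abort path runs the same cleanup as every other error path. */
int collect_push_fixed(const char **hdrs, size_t n, struct push_headers *ph)
{
    if (alloc_list(ph) < 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (ph->count >= MAX_PUSH_HEADERS) {
            free_push_headers(ph);      /* abort still releases what was collected */
            return -1;
        }
        char *h = dup_header(hdrs[i]);
        if (!h) { free_push_headers(ph); return -1; }
        ph->items[ph->count++] = h;
    }
    return 0;
}

/* Constructed PUSH_PROMISE header block: one header more than the limit allows. */
static const char *oversized[] = {
    ":method: GET", ":path: /a.js", "x-pad: 1", "x-pad: 2", "x-pad: 3"
};

/* Each demo resets the counter, runs one oversized push, and returns how many
 * blocks are still live afterwards (0 means nothing leaked). */
long leaky_push_demo(void)
{
    struct push_headers ph;
    live_blocks = 0;
    collect_push_leaky(oversized, 5, &ph);
    return live_blocks;                  /* list + 4 headers = 5 leaked blocks */
}

long fixed_push_demo(void)
{
    struct push_headers ph;
    live_blocks = 0;
    collect_push_fixed(oversized, 5, &ph);
    return live_blocks;
}

int main(void)
{
    printf("leaky: %ld blocks still live\n", leaky_push_demo());
    printf("fixed: %ld blocks still live\n", fixed_push_demo());
    return 0;
}
```

Both variants return -1 to the caller, which is the "fails silently" point in the advisory: nothing distinguishes the leaky abort from the clean one at the API surface, so only a leak checker or per-response memory accounting would catch it.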
Huntress
Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8 | Huntress
blogs_huntress·2024-02-19·CVSS 8.4
CVE-2024-1709 Vulnerability Reproduced: Immediately Patch ScreenConnect 23.9.8 | Huntress
UPDATE: Read our full analysis of CVE-2024-1709 & CVE-2024-1708 and detection guidance here.
UPDATE: We have proactively deployed a temporary hotfix to over 1000 vulnerable systems managed by Huntress. It's crucial people still update to the latest official version ASAP. During research and creation of a Proof-of-Concept exploit to validate the vulnerability, Huntress identified a way to temporarily hot-fix vulnerable systems while administrators work to patch their systems.
UPDATE: Detection guidance from Huntress has been issued.
Huntress security researchers successfully created and validated a proof-of-concept exploit for the vulnerabilities referenced in the latest February 19 ConnectWise ScreenConnect advisory.
CWE-288 “Authentication bypass using an alternate path or channe
References
https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4
https://vuldb.com/?ctiid.252269
https://vuldb.com/?id.252269