Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Vulnerabilities / Threats posted in September 2011
Tech Insight: Three Hardware Tools For Physical Penetration Testing
News | 9/2/2011
How to hack yourself like a social engineer
WikiLeaks Sues Guardian, Cables Controversy Grows
News | 9/1/2011
WikiLeaks alleges that the newspaper violated its confidentiality agreement by publishing a password to a file containing unredacted versions of 251,000 State Department cables.
Google Blocks 247 Digital Certificates, But Worries Linger
News | 9/1/2011
Mozilla, Microsoft also blocking fraudulent DigiNotar certificates, but security experts say nothing short of an SSL protocol overhaul will help.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14119
PUBLISHED: 2021-09-16
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with ROM version < 1.1.12.
CVE-2020-14124
PUBLISHED: 2021-09-16
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version < 1.1.12.
CVE-2021-34571
PUBLISHED: 2021-09-16
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
CVE-2021-34572
PUBLISHED: 2021-09-16
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
CVE-2021-34573
PUBLISHED: 2021-09-16
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not recognized or misinterpreted. This may lead to wrong values and missing events.