{"uuid": "40a0e84d-f01d-4701-90e1-89e85f78aef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38555", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/310", "content": "Now here are the cve of linksys and Tp-Link equipment\n\nFor those who do not know linksys is a manufacturer of networking equipment for small offices and homes. They make network hubs, routers, and network cards. \n\nFor example, linksys' managed switches include features for rapid network expansion. The STP and Storm Control protocol features help control planned or unintended cable loops linksys help protect the network with port authentication which requires clients to authenticate themselves before they start working, clients must authenticate themselves before transmitting any data. \nSo what are the vulnerabilities of this equipment ?\n\nHere are some cve \nFor example, there is CVE-2022-38555 it is a buffer overflow vulnerability in Linksys E1200 already has a poc  or CVE-2020-35713 remote pre-authentication code execution in Linksys RE6500 already has an exploit for it too . \nMore details about the attacks in the archive below \ud83e\ude78\n\nNow about TP-LINK - it is also a supplier of Wi-Fi routers for home and office and one of the largest manufacturers of network equipment. \n\nI will also tell you about some cve of their equipment \nFor example CVE-2022-30075  - importing a malicious backup file via web interface can lead to remote code execution due to wrong checks , there is an exploit for it or CVE-2022-24355 this is RCE vulnerability, i.e. it allows intruders in neighboring network to run arbitrary code on router installations . No authentication is required to exploit this vulnerability. The problem arises because there is no proper length check on user data before it is copied to a fixed-length stack buffer. An attacker can use this vulnerability to execute code in a root context. \nRead more about it link\n\nAnd I think that's it .\nIn this post we have analyzed types of attacks and some hardware vulnerabilities. \nRead more in the archive below\ud83c\udf1f .There will be more articles about the attacks in the future.\n\nThank you for reading\u2764\ufe0f\nRemember Alice, there is a rabbit hole in the looking glass, so follow the rabbit \ud83d\udc07\ud83c\udf80\n#network #wifi #attacks #cve #exploit #dos #traffic_analysis #router", "creation_timestamp": "2022-11-09T07:53:43.000000Z"}