How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.
Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain
In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.
Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato
Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router. The Siretta Quartz-Gold is an industrial cellular router with several features and services, su
Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products
Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check for the performed operati
Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access
Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a non-privileged user to a privileged one. There are also multiple vulnerabilities that could allow an adv