Cisco Talos Intelligence Blog

March 21, 2023 13:03

Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution

Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.

March 21, 2023 09:03

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

If an adversary could capture an authentication packet, it contains all the necessary information to steal the target user’s username and password for the software.

March 16, 2023 14:03

Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS

Due to JSON format limitations, the vulnerability only manifests itself as a remote denial of service in Ghost CMS, which crashes the Node.js process. However, the vulnerability could potentially lead to remote code execution in other products that use it.

February 23, 2023 09:02

Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities

Two of the vulnerabilities are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10.

January 26, 2023 16:01

Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router. The Siretta Quartz-Gold i

January 19, 2023 15:01

Vulnerability Spotlight: XSS vulnerability in Ghost CMS

Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a cross-site scripting (XSS) vulnerability in Ghost CMS. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subsc

January 13, 2023 11:01

Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML

Emma Reuter and Theo Morales of ASIG and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML. Qt is a popular software suite primarily used to create graphical user interface

January 10, 2023 11:01

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered

Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers.

December 22, 2022 10:12

Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service

Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further