Cisco Talos Intelligence Blog

August 3, 2022 14:08

Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution

Jaewon Min of Cisco Talos discovered these vulnerabilities. Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post. Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilitie

August 1, 2022 12:08

Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities

By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mes

July 27, 2022 12:07

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products

By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code: This unescape function will revert the URL encoded bytes to its original form. But something specifically caught my attention: There was no size check

July 19, 2022 08:07

Vulnerability Spotlight: Issue in Accusoft ImageGear could lead to memory corruption, code execution

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function. The ImageGear library is a document-imaging developer toolkit that allows users to create, ed

July 14, 2022 10:07

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that

July 13, 2022 11:07

Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code. Acrobat

June 30, 2022 13:06

Vulnerability Spotlight: Command injection vulnerabilities in Robustel cellular router

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four vulnerabilities in the Robustel R1510 industrial cellular router. The R1510 is a portable router that shares 2G, 3G and 4G wireless internet access. It

June 15, 2022 15:06

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2. The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.

May 25, 2022 11:05

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Jared Rittle of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the ta