Cisco Talos Blog

March 7, 2022 11:45

Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device

Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-217

February 24, 2022 09:00

Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary remote code or disclose sensitive information. Gerbv is an open-source

February 24, 2022 07:00

Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device. Lansweeper gather

February 23, 2022 11:58

Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution

Francesco Benvenuto and Emmanuel Tacheau of Cisco Talos and another team member discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit that allows users to c

February 16, 2022 14:09

Vulnerability Spotlight: Vulnerability in Hancom Office could lead to memory corruption, code execution

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a vulnerability in Hancom Office — a popular software suite in South Korea — that could allow an attacker to corrupt memory on the targeted machine or execute remote code. Han

February 11, 2022 16:22

Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login

Patrick DeSantis of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Moxa's MXview network management software that could allow an attacker to view sensitive data or bypass the need to log into the device. MXview is design

February 7, 2022 09:51

Vulnerability Spotlight: Use-after-free in Google Chrome could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software

February 2, 2022 07:00

Vulnerability Spotlight: Multiple vulnerabilities in Sealevel SeaConnect

Francesco Benvenuto and Matt Wiseman of Cisco Talos discovered these vulnerabilities. Update (Feb. 16, 2022): We are also disclosing a vulnerability in the Texas Instruments CC3200 SimpleLink microcontroller that is related to the SeaConnect vulnerabilities outlined in this post

January 31, 2022 07:30

Vulnerability Spotlight: Memory corruption and use-after-free vulnerabilities in Foxit PDF Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered a memory corruption and use-after-free vulnerability in the Foxit PDF Reader. Foxit PDF Reader is one of the most popular PDF document readers currently avai