Mocor OS running on UNISOC SoC is vulnerable to clock fault injection.
A vulnerability in the Mocor OS leads to bypass of the user password leading to compromise in saferty and privacy of the devices.
Unauthenticated command injection vulnerability discovered in the WAGO Series PFC100 web interface.
A vulnerability in the WAGO web-based management interface enables arbitrary command execution with webserver privileges.
In the ever-evolving world of firmware extraction, unblob continues to make waves. With five months of intense activity, our project has grown exponentially, and we have some exciting updates to share!
Discover the power of fault injection tools and how they can help identify vulnerabilities in your hardware systems before they can be exploited by attackers. Learn how an AI-assisted Teensy-based fault injection framework can be a great starting point for hobbyists interested in exploring the field.
Phoenix Contact routers were found to be vulnerable to high-risk authenticated command injection and path traversal attacks, allowing attackers to execute arbitrary commands with elevated privileges.
We’ve automatically identified vulnerabilities affecting multiple NetModule industrial routers using ONEKEY’s platform and reported it to the vendor.
In this technical deep dive, we explore the underlying issues fixed by the recent critical patch released by ClamAV.
We have identified a path traversal vulnerability in binwalk that could be abused to gain remote command execution.
We’ve automatically identified vulnerabilities affecting multiple WAGO industrial controllers using ONEKEY’s platform and reported it to the vendor.
We have been working hard over the last few months since we first introduced unblob to the world at Blackhat Arsenal and DEFCON Demo Labs. As the project continues to grow, we wanted to share a few things with you.
This one is special because it affects a NAS device from Asus, which according to them “has been EOL for years“, with the latest firmware version dating back 10 years. Since there’s no fix in sight, we don’t have to wait for the 90 days and can publish the interesting details.
The short answer is: not about this patch. The effects of CVE-2022-3786 and CVE-2022-3602 on ICS, IoT, and IoMT devices are negligible. But the long answer is more complex than this.
