CISA Alerts: January 23, 2024 FIRMWARE

cybersecurity-hack

CISA Alert Highlights for January 23, 2024

How are Vulnerabilities Rated?

Here are a few vulnerabilities involving products with comprised firmware that was recently released earlier by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). These Google product vulnerabilities, including Google android phones, Google Nest Mini, Google Pixel Watch and Google Wifi Pro have all been rated as high-risk per the criteria listed below.

These vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

CISA FIRMWARE Vulnerabilities for January 2024

Vendor/Product: hihonor -- nth-an00_firmware

Description: Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

Published Date:  12/29/2023

CVSS Score:  7.1

Source:  CVE-2023-23433

Patch Info: Incorrect Privilege Assignment in Some Honor Products | HONOR Global (hihonor.com)

Vendor/Product: Honor -- nth-an00_firmware

Description:  Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

Patch ID:  MOLY01161825; Issue ID: MOLY01161825 (MSV-895).

Published Date:  12/29/2023

CVSS Score:  9.8

Source:  CVE-2023-23424

Patch Info: Incorrect Privilege Assignment in Some Honor Products | HONOR Global (hihonor.com)

Vendor/Product: totolink -- n350rt_firmware

Description: A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published Date:  12/31/2023

CVSS Score:  8.8

Source:  CVE-2023-7187

Patch Info:  n/a

Vendor/Product:  hitachi_energy -- rtu500_series_cmu_firmware

Description: A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

Published Date:  01/04/2024

CVSS Score:  7.5

Source:  CVE-2022-2081

Patch Info: Hitachi Energy Publisher

Vendor/Product:  totolink -- x2000r_firmware

Description: TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.

Published Date:  12/30/2023

CVSS Score:  9.8

Source:  CVE-2023-51133

Patch Info:  n/a

Vendor/Product:  totolink -- x2000r_firmware

Description: TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

Published Date:  12/30/2023

CVSS Score:  9.8

Source: NVD - CVE-2023-50651

Patch Info: n/a

If you suspect you may have a vulnerability that you need help to mitigate, the cybersecurity team Spry Squared is standing by.