TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability.

This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse it. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team.

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (Called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.

Walmart Inc. sued Tesla Inc., claiming it failed to live up to industry standards in the installation of solar panels on top of hundreds of stores, resulting in multiple fires across the U.S.

Nonprofit advocacy groups linked to DTE Energy are waging a public campaign to significantly reduce the amount customers are paid for their solar power, in line with the utility’s request before Michigan regulators.

Talks between Germany and Norway about how to boost the trading of electricity from renewable sources are being held up by concerns that the power cable running under the North Sea won’t ever make money.

South Australia Minister for Trade, Tourism and Investment, David Ridgway, recently hosted a roundtable in Guangzhou to promote the state’s newly launched Landing Pad program.

Striso is a digital instrument with pressure-sensitive buttons that plays a variety of acoustic-like sounds.  Read more...

Talks between Germany and Norway about how to boost the trading of electricity from renewable sources are being held up by concerns that the power cable running under the North Sea won’t ever make money.

Hackers used Aria-body, an intrusive new tool, to attack computers in Thailand, Indonesia, the Philippines, Vietnam, Myanmar and Brunei, report says.

By James H. Spencer, Sumeet Saksena, and Jefferson Fox HONOLULU (1 April 2020)—The current COVID-19 pandemic, which started in Wuhan, China, underscores what the public health community has warned about for more than two decades—the risk of viral diseases capable of spreading from animal to human hosts. The first outbreaks of “bird flu” (highly pathogenic avian influenza―HPAI, subtype H5N1) raised similar concerns 20 years ago―concerns that have persisted with the outbreak of SARS in 2002–2004 and COVID-19 today. New outbreaks of avian influenza are also still occurring in poultry and humans, primarily in Asia but also in other parts of the world.

This is a summary only. Click the title for the full article, or visit www.EastWestCenter.org/Research-Wire for more.

There are two new cases of Covid-19 today, one confirmed and one probable, the Ministry of Health said in a statement.Both cases are linked to the St Margaret's Hospital & Rest Home in Auckland.The confirmed case is a household...

More than 2,100 nightclubs, hostess bars and discos in South Korea's capital have been shut after 18 new coronavirus cases - with all but one linked to a 29-year-old man. ......

South Korea confirmed 12 new coronavirus cases on Friday, its first increase above 10 in five days, as authorities warned numbers would increase as it had identified a new cluster of infections linked to a 29-year-old man.The IT company employee had spread the virus to at least 14 others as he wandered around the capital Seoul and four neighbouring cities over a long weekend period at the start of the month, said the Korea Centres for Disease Control and Prevention.While the 12 cases were those…

The COVID-19 pandemic has exacerbated inequalities and revealed to what extent current economic models are not sustainable. It has also shown that most countries are not equipped to cope with a health crisis. The World Food Program is warning that the lives and livelihoods of 265 million people in low and middle-income countries will be […]

The post The Unseen Link Between Clean Cooking and the COVID-19 Pandemic appeared first on Inter Press Service.

Steven Broad is Executive Director, TRAFFIC, the Wildlife Trade Monitoring Network

The post COVID-19 & Human Health Risks Linked to Wildlife Trade Practices appeared first on Inter Press Service.

ISLAMABAD: Adviser to the Prime Minister on Finance and Revenue Dr Abdul Hafeez Shaikh has said the government is actively resolving the liquidity related issues of the business community by clearing...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

ISLAMABAD: Adviser to the Prime Minister on Finance and Revenue Dr Abdul Hafeez Shaikh has said the government is actively resolving the liquidity related issues of the business community by clearing...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

ISLAMABAD: Adviser to the Prime Minister on Finance and Revenue Dr Abdul Hafeez Shaikh has said the government is actively resolving the liquidity related issues of the business community by clearing...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

NEW YORK: A five-year-old boy in New York state has died from a rare inflammatory disease believed to be caused by the new coronavirus, Governor Andrew Cuomo said on Friday.“There have been 73 reported cases in NY of children getting severely ill with symptoms similar to Kawasaki disease...

The death of a 5-year-old New York boy is challenging assumptions that children are less susceptible to COVID-19 complications, Gov.

To level the playing field in Asia and the Pacific, women-owned companies need financial backing to support their importing and exporting needs.

Due to the global COVID-19 pandemic, engineers and scientists are finding themselves suddenly working from home or other remote locations. We’d like to help you continue to use MATLAB and Simulink productively. We hope this brief collection of resources will help you access MATLAB, collaborate and connect with others, and... read more >>