Author: Cyberthreat Blog

On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.

iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the “cube” and it will stop responding.

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator...

iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.