CVE-2025-2894

CVE-2025-2894: Unitree Go1 Backdoor Control Channel

AHA! has discovered an issue with the Go1 from Unitree, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on March 27, 2025. CVE-2025-2894 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

The Go1 from Unitree, also known as “The World’s First Intelligence Bionic Quadruped Robot Companion of Consumer Level,” contains an undocumented backdoor that can give the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service by Oray.


CVE-2024-4224

CVE-2024-4224: TP-Link TL-SG1016DE XSS

AHA! has discovered an issue with the TL-SG1016DE from TP-Link, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on July 15, 2024. CVE-2024-4224 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator’s browser. CVE-2024-4224 is an instance of CWE-79.


CVE-2023-5841

CVE-2023-5841: Academy Software Foundation OpenEXR Heap Overflow in Scanline Deep Data Parsing

AHA! has discovered an issue with OpenEXR from The Academy Software Foundation, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Wednesday, Jan 31, 2023. CVE-2023-5841 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. CVE-2023-5841 appears to be an instance of CWE-122.


CVE-2023-4504

CVE-2023-4504: OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow

AHA! has discovered an issue with CUPS and libppd from OpenPrinting, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, September 21, 2023. CVE-2023-4504 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length provided by an attacker-crafted CUPS PPD file, CUPS version v2.5b1 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution. CVE-2023-4504 appears to be an instance of CWE-122, a heap-based buffer overflow.


CVE-2023-2906

CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS

AHA! has discovered a denial-of-service issue with Wireshark from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, August 24, 2023. CVE-2023-2906 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero, allowing for a denial-of-service attack. CVE-2023-2906 appears to be an instance of CWE-369. Note that, according to the patch notes, this effect can only be achieved when a user triggers the vulnerable code path with the “Decode As…” functionality of Wireshark (or the -d option for tshark), so this vulnerability is unlikely to be triggerable in an automated way.
