Aleph Research Vulnerability Reports:

12/21/23

CVE-2023-7017
The firmware of the Kontrol Lux lock can be updated w/o AuthZ/AuthC
12/21/23

CVE-2023-7009
The Kontrol Lux lock can be forced to process arbitrary unencrypted messages
12/21/23

CVE-2023-7007
A Gateway G2 can be impersonated using its MAC address
12/21/23

CVE-2023-7004
The TTLock app does not properly verify that it is connected to a real lock
12/21/23

CVE-2023-6960
TTLock virtual keys can be reused even after invalidation
12/21/23

CVE-2023-7003
Challenge response can be retried indefinitely upon failure
12/21/23

CVE-2023-7005
Protocol downgrade on the TTLock app can expose the unlock key
12/21/23

CVE-2023-7006
Challenge response can be retried indefinitely upon failure
03/12/23

CVE-2023-30160
Unauthorized attacker can connect to the MQTT server controlling all of Electra's Smart AC units and gain full control of them
03/12/23

CVE-2023-24504
Attacker within WiFi range can cause unconfigured units to connect to a malicious update server
03/12/23

CVE-2023-24503
Attacker within IR range can install arbitrary firmware over the air
03/12/23

CVE-2023-24502
A WiFi hotspot with a known password is always availiable on unconfigured units
03/12/23

CVE-2023-24501
Credentials for connecting to the MQTT server hardcoded inside the firmware
03/12/23

CVE-2023-24500
Attacker within WiFi range can install arbitrary firmware over the air on unconfigured units
06/03/21

CVE-2021-33813
XXE in JDOM library - Java
03/09/21

CVE-2021-25155
Authenticated Arbitrary File Write via Web UI (cplogo-install)
03/09/21

CVE-2021-25162
Unauthenticated Command Injection via Web UI
03/09/21

CVE-2021-25161
Authenticated Reflected Cross-Site Scripting (cp_perview)
03/09/21

CVE-2021-25160
Authenticated Arbitrary File Write via Web UI to Specific Backup File
03/09/21

CVE-2021-25159
Authenticated Arbitrary File Write via Web UI (cp-upload)
03/09/21

CVE-2021-25158
Unauthenticated Arbitrary File Read via Race Condition Vulnerability
03/09/21

CVE-2021-25157
Authenticated Arbitrary File Read via Web UI (cplogo-install)
03/09/21

CVE-2021-25156
Authenticated Arbitrary Directory Create via Web UI (cplogo-install)
01/21/21

CVE-2021-25684
Stuck reading fifo file in Apport
01/21/21

CVE-2021-25683
Incorrect parsing of /proc/pid/stat in Apport
01/21/21

CVE-2021-25682
Incorrect parsing of /proc/pid/status in Apport
06/07/20

CVE-2020-13917
rkscli jailbreak
06/07/20

CVE-2020-13919
Authenticated command injection in emfd/libemf
06/07/20

CVE-2020-13918
Infromation leakage from /upnp.jsp
06/07/20

CVE-2020-13916
Stack buffer overflow in webs
06/07/20

CVE-2020-13915
Unauthenticated admin credentials overwrite
06/07/20

CVE-2020-13914
Webserver denial fo service
06/07/20

CVE-2020-13913
XSS in /admin/_wla_cmdstat.jsp
02/04/20

CVE-2020-6401
Insufficient validation of untrusted input in Omnibox
12/17/19

ALEPH-2019014
Ruckus CLI (rkscli) jailbreak
12/17/19

CVE-2019-19843
Admin credentials leakage
12/17/19

CVE-2019-19842
Remote command injection via a crafted HTTP request (cmdSpectraAnalysis)
12/17/19

CVE-2019-19841
Remote command injection via a crafted HTTP request (cmdPacketCapture)
12/17/19

CVE-2019-19840
Stack buffer overflow in zap executable
12/17/19

CVE-2019-19839
Remote command injection via a crafted HTTP request (cmdImportCategory)
12/17/19

CVE-2019-19838
Remote command injection via a crafted HTTP request (cmdImportAvpPort)
12/17/19

CVE-2019-19837
Information disclosure vulnerability
12/17/19

CVE-2019-19836
Remote code execution vulnerability via zap
12/17/19

CVE-2019-19835
SSRF vulnerability in zap
12/17/19

CVE-2019-19834
Ruckus CLI (ruckus_cli2) jailbreak
10/22/18

ALEPH-2018006
Potential DOS vulnerability in WCF services
10/22/18

ALEPH-2018005
Potential DOS vulnerability in applications that use ASP.NET Web API
10/22/18

ALEPH-2018004
Applications that use Newtonsoft.Json might be exposed to DOS vulnerability
10/22/18

ALEPH-2018003
DOS vulnerability in Azure Active Directory Graph API
10/22/18

ALEPH-2018002
DOS Vulnerability in SharePoint 2016 Server
10/22/18

CVE-2018-8269
OData Denial of Service Vulnerability
01/22/18

ALEPH-2017029
Nokia 6/5 EDL triggering through USB
01/22/18

QPSIIR-909
Qualcomm EDL Firehose Programmers Peek and Poke Primitives
01/22/18

CVE-2017-13174
Google Nexus 6 & 6P EDL triggering through ADB
01/22/18

CVE-2017-5947
OnePlus EDL triggering through ADB or Hardware Key Combination
01/09/18

CVE-2017-0829
Motorola Bootloader Old UTAGs may lead to Kernel Command-line Injection
08/30/17

A-62345923
Motorola Android Bootloader Unlocking a Re-locked Bootloader from Platform OS
08/01/17

CVE-2017-11105
OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
06/13/17

CVE-2017-0648
Google Nexus 9 Ephemeral Access to Unrestricted FIQ Debugger and SysRq
05/25/17

ALEPH-2017017
Apple iOS/watchOS/tvOS IOKit Buffer Overflow in Device-Tree Parsing
05/23/17

CVE-2017-1000363
Linux lp.c Out-of-Bounds Write via Kernel Command-line
05/23/17

CVE-2016-10277
Motorola Android Bootloader Kernel Cmdline Injection Secure Boot Bypass
05/11/17

CVE-2016-10370
OnePlus OTA Lack of TLS Vulnerability
05/11/17

CVE-2017-8851
OnePlus OTA One/X Crossover Vulnerability
05/11/17

CVE-2017-8850
OnePlus OTA OxygenOS/HydrogenOS Crossover Vulnerability
05/11/17

CVE-2017-5948
OnePlus OTA Downgrade Vulnerability
05/04/17

CVE-2017-0582
Google Nexus 9 SensorHub Firmware Downgrade Vulnerability
05/03/17

CVE-2017-0563
Google Nexus 9 Cypress SAR Firmware Injection via I2C
04/27/17

CVE-2017-8300
TBA
04/25/17

CVE-2017-5625
OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot
04/06/17

ALEPH-2017018
TBA
03/28/17

CVE-2017-2436
macOS IOFireWireAVC Kernel Extension Out of Bounds Vulnerability
03/26/17

CVE-2017-5622
OnePlus 3/3T OxygenOS Charger Boot Mode ADB Access
03/19/17

CVE-2017-5623
OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing
03/08/17

CVE-2017-0510
Google Nexus 9 Unauthorized Access to FIQ Debugger
03/01/17

ALEPH-2017012
TBA
02/08/17

CVE-2017-5626
OnePlus 3/3T OxygenOS 4F500301 Bootloader Locking Bypass
02/08/17

CVE-2017-5624
OnePlus 3/3T OxygenOS dm-verity Security Bypass
02/06/17

CVE-2017-0433
Google Nexus Synaptics Touchscreen Firmware Injection
01/27/17

CVE-2017-3160
Cordova-Android MiTM Remote Code Execution
01/11/17

CVE-2017-5554
OnePlus 3/3T OxygenOS SELinux Security Bypass
01/05/17

CVE-2016-8467
Google Nexus 6/6P Custom Boot Modes USB Configs Override
12/05/16

CVE-2016-8393
Google Android Synaptics Touchscreen Heap Overflow #2
12/05/16

CVE-2016-8394
Google Android Synaptics Touchscreen Heap Overflow
10/04/16

CVE-2016-6678
Google Nexus 6 f_usbnet Kernel Uninitialized Memory Leak Over USB
09/05/16

CVE-2016-3873
Google Nexus 9 Arbitrary Kernel Write
09/05/16

ALEPH-2016000
Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB
06/21/16

ALEPH-2016007
Xiaomi MIUI Analytics Remote Code Execution
11/20/15

CVE-2015-1097
Apple iOS IOMobileFramebuffer Information Disclosure
11/20/15

CVE-2015-5257
Weak Randomization of BridgeSecret for Apache Cordova Android
08/10/15

CVE-2015-2020
MyScript Android SDK Deserialization Code Execution
08/10/15

CVE-2015-2004
GraceNote GNSDK Android SDK Deserialization Code Execution
08/10/15

CVE-2015-2003
PJSIP PJSUA2 Android SDK Deserialization Code Execution
08/10/15

CVE-2015-2002
esri ArcGis Android SDK Deserialization Code Execution
08/10/15

CVE-2015-2001
MetaIO Android SDK Deserialization Code Execution
08/10/15

CVE-2015-2000
Jumio Android SDK Deserialization Code Execution
08/10/15

CVE-2015-3837
Android OpenSSLX509Certificate Deserialization Code Execution
12/03/14

ALEPH-2014011
VASCO MyDigipass OAuth Unverified Email Social Login Bypass
12/03/14

ALEPH-2014010
Amazon OAuth Unverified Email Social Login Bypass
12/03/14

ALEPH-2014009
LinkedIn OAuth Unverified Email Social Login Bypass
07/28/14

CVE-2014-3502
Apache Cordova for Android Leak via URL Loading
07/28/14

CVE-2014-3500
Apache Cordova for Android Cross-App Scripting
07/28/14

CVE-2014-3501
Apache Cordova for Android Whitelist Bypass for Non-HTTP URLs
06/30/14

CVE-2014-3100
Android KeyStore Stack Buffer Overflow
03/25/14

CVE-2014-1506
Firefox for Android Crash Reporter File Manipulation
03/25/14

CVE-2014-1515
Firefox for Android Automatic File Download to SD Card
03/25/14

CVE-2014-1516
Firefox for Android Profile Directory Name Weak Randomization
03/11/14

CVE-2014-8889
Dropbox Android SDK INTERNAL_WEB_HOST Security Bypass
02/04/14

CVE-2014-1484
Firefox for Android Profile Directory Name Leaks to Android System Log
12/10/13

ALEPH-2013000
Android Fragment Injection
08/13/13

CVE-2012-2808
Weak Randomness in Android's DNS Resolver
08/13/13

ALEPH-2013001
BIND 9 NS Selection SRTT Algorithm Weakness
10/18/12

ALEPH-2012001
Dropbox for iOS & Android Cross-Zone Scripting
10/18/12

ALEPH-2012000
Google Drive iOS App Cross-Zone Scripting
07/12/12

CVE-2012-0175
Microsoft Windows Shell Command Injection
07/10/12

CVE-2012-1858
Microsoft toStaticHTML HTML Sanitizing Bypass
05/03/12

CVE-2011-3901
Android SQLite Journal Information Disclosure
01/19/12

ALEPH-2012004
Microsoft Anti-XSS Library Bypass
10/18/11

CVE-2011-3552
Oracle Java Remote DNS Poisoning via Port Exhausion #2
10/18/11

ALEPH-2011003
Microsoft Windows Unprivileged DNS Cache Flushing
10/18/11

ALEPH-2011002
Microsoft Windows Port Exhaustion Weakness
10/18/11

CVE-2010-4448
Oracle Java Remote DNS Poisoning via Port Exhausion
10/11/11

CVE-2011-1364
Google App Engine Python SDK Code Execution
09/20/11

ALEPH-2011007
Opera Mobile for Android Cache Poisoning XAS
09/20/11

ALEPH-2011006
Dolphin Browser HD Cross-Application Scripting
07/31/11

CVE-2011-2357
Android Browser Cross-Application Scripting
07/21/11

CVE-2011-1252
Microsoft toStaticHTML HTML Sanitizing Information Leak Vulnerability
08/02/09

CVE-2009-1869
Adobe Flash Player and AIR AVM2 intf_count Integer Overflow
06/02/09

CVE-2009-0955
Apple QuickTime Image Description Atom Sign Extension Memory Corruption
04/23/09

CVE-2009-1412
Google Chrome ChromeHTML Protocol Handler Universal XSS
10/08/08

CVE-2009-0519
Adobe Flash Out-of-Bounds Memory Read DoS
10/08/08

CVE-2008-4555
Graphviz Stack Buffer Overflow Code Execution
09/09/08

CVE-2008-3624
Apple QuickTime QTVR Sign-Extension Heap Overflow