EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Briefly

"By exploiting improper validation of packet input, an attacker can control an argument passed to the device's built-in system call and achieve full takeover of the Linux-based device, gaining root privileges and arbitrary code execution."
"The vulnerabilities can be exploited by remote attackers against internet-exposed EnOcean devices to bypass memory protections, leak memory, and execute arbitrary commands."
Claroty researchers identified vulnerabilities in EnOcean's SmartServer IoT platform, including a security bypass and a remote code execution flaw. Remote attackers can exploit these vulnerabilities to bypass memory protections, leak memory, and execute arbitrary commands. By exploiting improper validation of packet input, attackers can gain full control of the Linux-based device, achieving root privileges. EnOcean has been notified and has released an update that patches these vulnerabilities, which also affect legacy i.LON devices.
Read at SecurityWeek