Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation

December 9, 2024 at 01:29PM The OpenWrt Project has released a critical patch addressing a vulnerability (CVE-2024-54143) that could allow attackers to inject malicious firmware through its sysupgrade server. Issues include command injection in the image builder and truncated SHA-256 hash collisions, compromising firmware integrity. Users are urged to upgrade to mitigate risks.

OpenWrt orders router firmware updates after supply chain attack scare

December 9, 2024 at 09:07AM OpenWrt users are urged to upgrade to the same version due to a reported supply chain attack affecting the attended sysupgrade server. Vulnerabilities allow attackers to serve compromised firmware through command injection and weak hash issues. While risks are low, users should update immediately or apply specific commits to secure …

US Lawmakers Want Investigation Into TP-Link Over Chinese Hacking Fears

August 19, 2024 at 09:43AM Lawmakers call for an investigation into TP-Link routers due to concerns that Chinese-made Wi-Fi routers could give China access to US systems. They argue that TP-Link’s ties to Chinese technology and security laws raise risks of state-sponsored hacking. The company faces scrutiny over the potential threat and its recent separation …

Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest

December 11, 2023 at 10:12AM Google announced patches for high- and moderate-severity vulnerabilities in Chromecast, disclosed at the HardPwn USA 2023 competition. Three exploits were recognized, with reward recipients named. Vulnerabilities include supply chain interception and Android TV streaming box malware injection. Exploits allow persistent code execution without the user’s knowledge. Additionally, researchers identified attack …