Security News > 2017 > July > Exploitable gSOAP flaw exposes thousands of IoT devices to attack (Help Net Security)
2017-07-19 20:41
Researchers have unearthed a serious vulnerability in gSOAP, an open source, third-party code library used by thousands of IoT by many different manufacturers. Senrio Labs exploit Axis Communications M3004 security camera with Devil’s Ivy exploit Devil’s Ivy (CVE-2017-9765) The stack buffer overflow vulnerability – nicknamed “Devil’s Ivy” – was discovered by researchers with IoT cybersecurity outfit Senrio, during their analysis of the remote configuration service of a web camera manufactured by Axis Communications. More technical … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/lmS0nybL2E8/
Related news
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-9765 | Integer Overflow or Wraparound vulnerability in Genivia Gsoap Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. | 8.1 |