Security News > 2017 > July > Exploitable gSOAP flaw exposes thousands of IoT devices to attack (Help Net Security)
2017-07-19 20:41
Researchers have unearthed a serious vulnerability in gSOAP, an open source, third-party code library used by thousands of IoT by many different manufacturers. Senrio Labs exploit Axis Communications M3004 security camera with Devil’s Ivy exploit Devil’s Ivy (CVE-2017-9765) The stack buffer overflow vulnerability – nicknamed “Devil’s Ivy” – was discovered by researchers with IoT cybersecurity outfit Senrio, during their analysis of the remote configuration service of a web camera manufactured by Axis Communications. More technical … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/lmS0nybL2E8/
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-9765 | Integer Overflow or Wraparound vulnerability in Genivia Gsoap Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. | 8.1 |